{"uuid": "c961e893-fa5c-46d5-92db-7b41eafab95f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2005", "type": "published-proof-of-concept", "source": "https://t.me/cybersecplayground/160", "content": "\ud83d\udea8 Critical 0-Day Alert: CVE-2025-2005 (CVSS 10) \u2013 WordPress Plugin File Upload Vulnerability!\n\nA Critical RCE vulnerability has been discovered in the Front End Users Plugin for WordPress, affecting versions \u2264 3.2.32. This flaw allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution on the server!\n\n\u2e3b\n\n\u26a0\ufe0f Vulnerability Details:\n \u2022 Plugin: Front End Only Users\n \u2022 Version Affected: \u2264 3.2.32\n \u2022 Impact: Unauthenticated File Upload \u2192 Full Server Takeover\n \u2022 CVSS Score: 10.0 (Critical)\n\n\u2e3b\n\n\ud83d\udd25 Proof of Concept:\n\nPoC available here:\ngithub.com/Nxploited/CVE-\u2026\n\n\u2e3b\n\nFOFA Dork:\n\nbody=\"/wp-content/plugins/front-end-only-users/\"\n\n\u2e3b\n\n\u2705 Recommendation:\n \u2022 Update the plugin immediately or remove it if not in use\n \u2022 Monitor for suspicious uploads and unexpected PHP files\n \u2022 Harden server file permissions and enable WAF rules\n\n\u2e3b\n\nStay ahead of zero-days with us!\nJoin @CyberSecPlayground for exclusive vulnerability alerts, private tools, and real-time bug bounty tips.\n\n\n#CVE2025_2005 #WordPress #Exploit #0day #CyberSecurity #FOFA #OSINT #BugBounty #CyberSecPlayground", "creation_timestamp": "2025-04-04T09:02:05.000000Z"}