CVE-2025-49029 Scanner

The WordPress Custom Login And Signup Widget Plugin is widely used by website administrators to facilitate custom user login and signup functionalities. This plugin is predominantly used by WordPress site owners aiming to enhance and customize the default WordPress login experience. It's a popular choice for those who wish to provide a unique user registration and login interface on their site. Developers and webmasters leverage this plugin to integrate seamless login capabilities without extensive coding. Being a part of the widespread WordPress ecosystem, this plugin is installed by users looking to simplify login and sign-up processes. Thus, keeping the plugin secure is essential, given its prominent usage in managing user authentication tasks.

The vulnerability in question is a Code Injection vulnerability affecting versions up to and including 1.0 of the plugin. This issue allows an authenticated attacker to execute arbitrary code on the server where the plugin is installed. Such vulnerabilities are critical as they can provide a gateway for malicious actors to take control over the website's operations. The vulnerability was identified in the plugin's handling of user input within the settings page. Attackers could exploit this flaw using specially crafted inputs that allow the execution of unauthorized code. Consequently, this poses a significant threat to the integrity and security of the affected website.

Technically, the vulnerability manifests in the plugin's options page, specifically with the vulnerable 'text' parameter. By sending a POST request to the specified endpoint with crafted PHP code, an attacker can insert code into the WordPress environment. The code injection allows for the execution of arbitrary system commands via the vulnerable input area. This oversight in validating and sanitizing user-provided data leads to the potential for unauthorized command execution. As a result, affected systems can face unauthorized data manipulations and disruptions. The exploit depends on injecting PHP code where inadequate input sanitization permits its execution.

When this vulnerability is exploited by a malicious actor, the outcomes could be severe, potentially resulting in system compromise and loss of data integrity. Attackers can execute arbitrary system commands which might lead to unauthorized access to sensitive system resources. Moreover, the affected site can become a host for malicious activities, targeting users and other internet resources. Effective exploitation could result in the defacing of the website, loss of functionality, or complete takeover of the administrative operations. This breach could lead to data exfiltration or advanced persistent threats if not swiftly and effectively mitigated.

REFERENCES

• https://github.com/Nxploited/CVE-2025-49029
• https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/custom-login-and-signup-widget/custom-login-and-signup-widget-10-authenticated-administrator-remote-code-execution