CVE-2025-32583

CRITICAL

termel PDF 2 Post <2.4.0 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-32583. PoCs published by GadaLuBau1337, Nxploited, Boshe99.

AI-analyzed exploit summary: This exploit targets a WordPress plugin vulnerability (CVE-2025-32583) allowing authenticated users to upload a malicious ZIP file containing PHP code, leading to remote code execution (RCE). The PoC automates login, nonce extraction, payload creation, and upload.

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in termel PDF 2 Post pdf2post allows Remote Code Inclusion. This issue affects PDF 2 Post: from n/a through <= 2.4.0.

Exploits (3)

nomisec WORKING POC 2 stars
by GadaLuBau1337 · poc
https://github.com/GadaLuBau1337/CVE-2025-32583

This exploit targets a WordPress plugin vulnerability (CVE-2025-32583) allowing authenticated users to upload a malicious ZIP file containing PHP code, leading to remote code execution (RCE). The PoC automates login, nonce extraction, payload creation, and upload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress PDF 2 Post Plugin <= 2.4.0
Auth required
Prerequisites: Valid WordPress credentials · PDF 2 Post plugin installed and activated
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by Nxploited · poc
https://github.com/Nxploited/CVE-2025-32583

This exploit targets a WordPress plugin vulnerability (CVE-2025-32583) allowing authenticated users to upload a malicious ZIP file containing PHP code, leading to remote code execution. The script automates login, nonce extraction, payload creation, and upload.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress PDF 2 Post Plugin <= 2.4.0
Auth required
Prerequisites: Valid WordPress credentials · PDF 2 Post plugin installed and activated · Network access to target WordPress site
devstral-2 · analyzed Feb 16, 2026

github WORKING POC
by Boshe99 · python · poc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-32583

The repository contains functional exploit code for CVE-2025-32583, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit script demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: Target URL · Path to the file to be uploaded
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 9.9
EPSS 0.1129
EPSS Percentile 95.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-94
Status published
Products (1)
termel/PDF 2 Post < 2.4.0
Published Apr 17, 2025
Tracked Since Feb 18, 2026