CVE-2025-7327
Published: 08 July 2025
Summary
CVE-2025-7327 is a high-severity vulnerability in the Radiustheme Widget for Google Reviews plugin for WordPress, classified as CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program, the CWE titled "PHP Remote File Inclusion"). In practice it is a directory traversal in the layout parameter that leads to inclusion and execution of PHP files already on the server. Its CVSS v3.1 base score is 8.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 23.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): validate the layout parameter against a fixed set of known template names so that directory traversal payloads never reach the include statement, which directly prevents inclusion and execution of arbitrary PHP files.
SI-2 (Flaw Remediation): identify installations running Widget for Google Reviews at version 1.0.15 or earlier and update them to a patched release, which removes the directory traversal.
AC-6 (Least Privilege): limit what Subscriber-level accounts can do (including open self-registration and any upload capability), reducing who can reach the vulnerable code path and what an attacker can place on the server for inclusion.
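The following block is an added illustration, not code from the plugin or from Wordfence. It shows the unsafe pattern the advisory describes (a user-controlled layout value concatenated into a path that reaches include) next to a hardened version that applies SI-10 with an allowlist and a realpath() containment check. The function names, the template directory, the appended ".php" suffix and the demo files are all assumptions made for the example.

```php
<?php
// Illustrative only: a hypothetical render_layout() modelled on the flaw
// class in CVE-2025-7327, not the actual Widget for Google Reviews code.
declare(strict_types=1);

// --- Unsafe pattern: 'layout' is pasted into a file path and included.
// A value such as ../../../../wp-content/uploads/2025/07/x walks out of the
// template directory. The appended '.php' (an assumption here) is one way a
// flaw ends up "limited to just PHP files", as the NVD text says.
function render_layout_unsafe(string $layout, string $templateDir): string
{
    $file = $templateDir . '/' . $layout . '.php';
    ob_start();
    include $file;                    // executes whatever PHP lives at $file
    return (string) ob_get_clean();
}

// --- Hardened form: allowlist first, then verify the resolved path is still
// inside the template directory (catches symlinks and odd encodings).
const ALLOWED_LAYOUTS = ['grid', 'list', 'slider'];   // assumed template names

function resolve_layout_safe(string $layout, string $templateDir): ?string
{
    // 1. Anything that is not a known layout name is rejected outright,
    //    so traversal sequences and NUL bytes never reach the filesystem.
    if (!in_array($layout, ALLOWED_LAYOUTS, true)) {
        return null;
    }
    // 2. Belt and braces: the final real path must start with the real
    //    template directory followed by a separator.
    $base = realpath($templateDir);
    $path = realpath($templateDir . '/' . $layout . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function render_layout_safe(string $layout, string $templateDir): string
{
    $file = resolve_layout_safe($layout, $templateDir);
    if ($file === null) {
        return '';                    // refuse; never fall through to include
    }
    ob_start();
    include $file;
    return (string) ob_get_clean();
}

// --- Demo on a throwaway directory (constructed for this example).
$dir = sys_get_temp_dir() . '/grw-demo-' . getmypid();
mkdir($dir . '/templates', 0700, true);
file_put_contents($dir . '/templates/grid.php', '<?php echo "grid layout";');
file_put_contents($dir . '/evil.php', '<?php echo "ATTACKER CODE RAN";');

// Only the first value is a legitimate layout; the rest are traversal attempts.
$payloads = ['grid', '../evil', 'grid/../../evil', "../evil\0"];
foreach ($payloads as $p) {
    $r = resolve_layout_safe($p, $dir . '/templates');
    printf("%-22s -> %s\n", json_encode($p), $r === null ? 'rejected' : 'allowed');
}
echo "safe:   ", render_layout_safe('../evil', $dir . '/templates'), "\n";
echo "unsafe: ", render_layout_unsafe('../evil', $dir . '/templates'), "\n";

// Clean up the demo files.
unlink($dir . '/templates/grid.php');
unlink($dir . '/evil.php');
rmdir($dir . '/templates');
rmdir($dir);
```

Run with `php example.php`: the hardened resolver allows only `grid` and rejects every traversal value (the safe render of `../evil` returns an empty string), while the unsafe function happily includes and executes the file outside the template directory. The allowlist is the control that matters; the realpath() check is there so that a future change to how the path is built cannot quietly reopen the hole. In a real plugin the same handler should also gate the feature behind an appropriate capability check rather than being reachable by any logged-in user.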
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Directory traversal in a public-facing WordPress plugin lets any authenticated low-privilege user include and execute PHP files on the server (T1190). Paired with a way to get a PHP file onto the host, it provides web shell deployment for persistent access and remote code execution (T1505.003).
NVD Description
The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. This is limited to just PHP files.
Deeper analysis
CVE-2025-7327 is a directory traversal vulnerability in the Widget for Google Reviews plugin for WordPress, affecting all versions up to and including 1.0.15. The flaw is in the handling of the layout parameter, which reaches a PHP include without adequate validation, so a crafted value can pull in and execute a PHP file elsewhere on the server. It is classified as CWE-98 and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): reachable over the network, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity and availability.
Any authenticated user with Subscriber-level access or higher can exploit it over the network with no user interaction. Subscriber is the default role WordPress assigns to self-registered accounts, so on sites with open registration the PR:L requirement is trivial to meet. Traversal sequences in the layout parameter let the attacker walk out of the intended template directory, but only PHP files are included. Existing PHP files can be included to bypass access controls or expose sensitive data; for full code execution the attacker needs PHP code in a file they can reach, for example where an upload feature that accepts images or other "safe" file types lets them place such a file on the server.
The fix is recorded in the plugin's WordPress Trac changeset (revision 3201057 to 3316262 in the business-reviews-wp trunk) and in a Wordfence threat intelligence advisory; the patched code ships in a release later than 1.0.15. Site owners should update the plugin, check for unknown or self-registered Subscriber accounts, review which low-privilege roles are allowed to upload files, and search web server access logs for requests whose layout parameter contains traversal sequences such as ../.
Details
- CWE(s)