CVE-2025-10412 — AI Deep Analysis Summary

🚨 **Essence**: Critical code flaw in **Uni CPO (Premium)** plugin. <br>💥 **Consequences**: Full system compromise. CVSS is **HIGHEST** (9.8/10). Attackers gain total control over the WordPress site.

🛡️ **Root Cause**: **CWE-434** (Unrestricted Upload of File with Dangerous Type). <br>⚠️ **Flaw**: The plugin allows uploading or handling files without proper validation, leading to remote code execution.

📦 **Affected**: **MooMoo**'s **Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium)**. <br>📉 **Version**: **4.9.54 and earlier**. If you are on this version or older, you are at risk!

🔓 **Hackers Can**: Execute arbitrary code. <br>👁️ **Data Access**: Read sensitive data. <br>🔧 **Modification**: Alter site content. <br>📉 **Availability**: Crash the server. <br>*(CVSS: C:H, I:H, A:H)*

🔑 **Threshold**: **LOW**. <br>🚫 **Auth**: No authentication required (**PR:N**). <br>🌐 **Network**: Remote (**AV:N**). <br>👀 **UI**: No user interaction needed (**UI:N**). Easy to exploit!

💻 **Public Exploit**: **No** specific PoC provided in data (**pocs**: []). <br>🔥 **Wild Exploit**: Likely exists due to high severity and low barrier. Assume it is being exploited in the wild.

🔍 **Self-Check**: Scan for **Uni CPO (Premium)** plugin. <br>📊 **Version Check**: Verify if version is **≤ 4.9.54**. <br>🛠️ **Tool**: Use WordPress plugin scanners or check `wp-content/plugins` directory.

🩹 **Fix**: Update plugin to **version > 4.9.54**. <br>📢 **Vendor**: **MooMoo** (Builderius).…

🚧 **No Patch?**: **Disable** the plugin immediately. <br>🧱 **WAF**: Block file upload endpoints related to CPO. <br>👮 **Monitor**: Watch for suspicious PHP execution in uploads folder.

🚨 **Urgency**: **CRITICAL**. <br>⏰ **Priority**: **IMMEDIATE ACTION**. <br>📅 **Published**: 2025-09-23. <br>💡 **Advice**: Patch NOW. This is a high-severity, remote, unauthenticated vulnerability.