CVE-2025-6389

Published Nov 25, 2025

Last updated 4 months ago

Overview

Description
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). This makes it possible for unauthenticated attackers to execute code on the server which can be leveraged to inject backdoors or, for example, create new administrative user accounts.
Source
security@wordfence.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-94

Social media

Hype score
Not currently trending
  1. CVE-2025-6389: WordPress Sneeit Framework plugin vulnerability currently under active exploitation PoC: https://t.co/qaL1hZVXPP… https://t.co/xXGNl1XBMj

    @Hackervidya

    7 Jan 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-6389: WordPress Sneeit Framework plugin vulnerability currently under active exploitation PoC: https://t.co/2oWmA3t8v1 ▪️Vulnerability Type: Remote Code Execution (RCE) ▪️CVSS: 9.8 ▪️Published: 11/24/2025 Impact: ▪️Full site compromise ▪️Crea

    @DarkWebInformer

    6 Jan 2026

    11881 Impressions

    28 Retweets

    121 Likes

    92 Bookmarks

    1 Reply

    0 Quotes

  3. #VulnerabilityReport #CriticalRCE Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE https://t.co/n9Ajf4GzyT

    @Komodosec

    31 Dec 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-6389 - WordPress Sneeit Framework plugin vulnerability under active exploitation https://t.co/meGTljL5J4 https://t.co/4cmi0n8axu

    @PhotoZel

    21 Dec 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-6389 - WordPress Sneeit Framework plugin vulnerability under active exploitation https://t.co/x5jdKB8slw https://t.co/X1SWfZUk5J

    @CloudVirtues

    19 Dec 2025

    33 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-6389 - WordPress Sneeit Framework plugin vulnerability under active exploitation https://t.co/5fr1gWfgJU https://t.co/9TXHRvstAV

    @SirajD_Official

    19 Dec 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

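  7. A serious flaw has been found in WordPress's Sneeit Framework (CVE-2025-6389). Code can be executed without authentication, making site takeover possible. Indiscriminate attacks began on the day of disclosure.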

    @yousukezan

    8 Dec 2025

    4483 Impressions

    13 Retweets

    30 Likes

    17 Bookmarks

    0 Replies

    0 Quotes

  8. 📌 A critical vulnerability in the Sneeit plugin for WordPress has been exploited, relating to remote code execution (CVE-2025-6389) with a severity score of 9.8. The vulnerability affects all versions up to 8.3 and has been

    @Cybercachear

    8 Dec 2025

    49 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️ Hackers are exploiting a bug in the Sneeit Framework plugin (CVE-2025-6389) to run code on servers and create admin accounts on WordPress sites. ⚠️ Separately, a flaw in ICTBroadcast (CVE-2025-2611) lets attackers use the BROADCAST cookie for unauthenticated remote sh

    @TheHackersNews

    8 Dec 2025

    18609 Impressions

    55 Retweets

    181 Likes

    35 Bookmarks

    3 Replies

    2 Quotes

  10. 🚨 Hackers Exploit WordPress Plugin Flaw for Remote Code Execution • A critical RCE vulnerability exists in t

    @PurpleOps_io

    5 Dec 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

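  11. A serious RCE vulnerability (CVE-2025-6389) has been disclosed in Sneeit Framework, which is bundled with multiple paid WordPress themes, and large-scale attacks poured in on the day of disclosure. Attackers immediately target unpatched sites, seizing administrative privileges and installing backdoors one after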

    @yousukezan

    4 Dec 2025

    1307 Impressions

    1 Retweet

    9 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  12. Serious vulnerability in the WordPress plugin "Sneeit Framework" (CVE-2025-6389) https://t.co/8M96o76l1p #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    1 Dec 2025

    83 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-6389 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8..https://t.co/lHaSAFe6rR #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    30 Nov 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. GitHub - B1ack4sh/Blackash-CVE-2025-6389: CVE-2025-6389 https://t.co/LntuWMu7V6

    @akaclandestine

    26 Nov 2025

    2484 Impressions

    7 Retweets

    27 Likes

    20 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 CVE-2025-6389 Sneeit Framework (≤8.3) is under active exploitation. Unauthenticated attackers can trigger remote code execution (RCE) ⚠️ CVSS 9.8 Critical – Backdoors, admin account creation & full site takeover reported 🛡️ Update or disable now, enable

    @MNovofastovsky

    25 Nov 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 CVE-2025-6389 Sneeit Framework (≤8.3) is under active exploitation. Unauthenticated attackers can trigger remote code execution (RCE) ⚠️ CVSS 9.8 Critical – Backdoors, admin account creation & full site takeover reported 🛡️ Update or disable now, enable

    @MNovofastovsky

    25 Nov 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE https://t.co/wArXKYHIQJ

    @Karma_X_Inc

    25 Nov 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. [CVE-2025-6389: CRITICAL] WordPress plugin Sneeit Framework is vulnerable to Remote Code Execution in all versions up to 8.3. Attackers can exploit this to execute code on the server. #CyberSecurity#cve,CVE-2025-6389,#cybersecurity https://t.co/nPfhH6pPVj https://t.co/JIKlwIBDpj

    @CveFindCom

    25 Nov 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 🚨🚨CVE-2025-6389 (CVSS 9.8): Critical Unauthenticated RCE in Sneeit Framework for WordPress Search by vul.cve Filter👉vul.cve="CVE-2025-6389" ZoomEye Dork👉app="WordPress Sneeit Plugin" 308 public instances exposed. ZoomEye Link: https://t.co/8TdekJb41y Refer: 1. http

    @zoomeye_team

    25 Nov 2025

    2554 Impressions

    5 Retweets

    36 Likes

    8 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 CRITICAL: Sneeit Framework for WordPress (all versions) hit by CVE-2025-6389! Remote code execution risk for all sites — patch ASAP! 🛡️ https://t.co/PCUzJMLqgD #OffSeq #WordPress #CVE2025_6389 https://t.co/eEhtBeJ4w7

    @offseq

    25 Nov 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. CVE-2025-6389 The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback()… https://t.co/AJVERcztbA

    @CVEnew

    25 Nov 2025

    196 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes