CVE-2025-2881

4/12/2025 3:15:14 AM

27 روز قبل

Reporter :security@wordfence.com

Modified :4/12/2025 3:15:14 AM

Problem Data :CWE-200

Description

The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.

Cvss Version 3.1

5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	Low
Integrity Impact	None
Availability Impact	None

EPSS

Epss Score	0
Epss Percentile	0

Note: Consider this fact that the EPSS model relies on historical data and real-world exploit information to calculate the probability of exploitation. When a CVE is newly published, there isn't enough data available to determine its likelihood of being exploited. As a result, the EPSS score defaults to 0 until more information becomes available.

Reference

لینک	منبع	تگ ها
https://www.wordfence.com/threat-intel/vulnerabilities/id/e10ba37a-cd7d-4fc9-8b41-806fa3dc7785?source=cve
https://wordpress.org/plugins/developer-toolbar/#developers
https://plugins.trac.wordpress.org/browser/developer-toolbar/trunk/views/phpinfo.php#L45