BitFire

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more when directory listing is enabled on the server.

Basic Information

ID CVE-2025-6722

Source Wordfence

Published Aug 2, 2025 at 09:23

Modified Aug 5, 2025 at 19:18

Affected Product

Vendor bitslip6

Product BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security

Version *

Affected Versions bitslip6 BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security *

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "The BitFire Security \u2013 Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more when directory listing is enabled on the server.",
    "published": "2025-08-02T09:23:31.313Z",
    "modified": "2025-08-05T19:18:09.826Z",
    "type": "cve",
    "title": "BitFire <= 4.5 - Unauthenticated Information Exposure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/72320980-733d-4fe6-9a13-39c476b77298?source=cve\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3335461%40bitfire&new=3335461%40bitfire&sfp_email=&sfph_mail=\nhttps://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3334399%40bitfire&new=3334399%40bitfire&sfp_email=&sfph_mail=",
    "id": "CVE-2025-6722",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "bitslip6 BitFire Security \u2013 Firewall, WAF, Bot/Spam Blocker, Login Security *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "BitFire Security \u2013 Firewall, WAF, Bot/Spam Blocker, Login Security",
    "version": "*",
    "vendor": "bitslip6",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

BitFire <= 4.5 - Unauthenticated Information Exposure_CVE-2025-6722