Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure

July 22, 2025 invoker category_cve

CVE Details

Basic Information

Title Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
Type cve
Published 2025-07-22T09:22:43.204Z
Modified 2025-07-22T09:22:43.204Z

Product Information

Vendor mia4
Product Birth Chart Compatibility
Version *

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

  • mia4 Birth Chart Compatibility *

Additional Information

CWE List CWE-200
Source Wordfence

Description

The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin’s index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.