CVE Details
Basic Information
| Title | Security Ninja – Secure Firewall & Secure Malware Scanner – 5.201 – 5.242 – Authenticated (Administrator+) Arbitrary File Read |
|---|---|
| Type | cve |
| Published | 2025-07-24T07:22:12.991Z |
| Modified | 2025-07-24T07:22:12.991Z |
Product Information
| Vendor | cleverplugins |
|---|---|
| Product | Security Ninja – WordPress Security Plugin & Firewall |
| Version | 5.201 |
CVSS Information
| Base Score | 4.9 (MEDIUM) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
AI Analysis
| AI Description | The Security Ninja WordPress plugin is vulnerable to Arbitrary File Read, allowing authenticated attackers with Administrator access to read sensitive files on the server. This affects all versions up to 5.242. |
|---|---|
| AI Severity | High |
| AI Vendor | WordPress Community |
| AI Product | Security Ninja – WordPress Security Plugin & Firewall |
| AI Version | up to 5.242 |
Affected Products
- cleverplugins Security Ninja – WordPress Security Plugin & Firewall 5.201
Additional Information
| CWE List | CWE-36 |
|---|---|
| Source | Wordfence |
Description
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the ‘get_file_source’ function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/51ee45f8-9978-48ec-8f87-229dc82938a8?source=cve
- https://plugins.trac.wordpress.org/browser/security-ninja/trunk/modules/core-scanner/core-scanner.php#L33
- https://plugins.trac.wordpress.org/browser/security-ninja/trunk/modules/core-scanner/core-scanner.php#L186
- https://plugins.trac.wordpress.org/changeset/3333048/