CVE-2025-4222

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-4222
The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data.

5.9 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247
https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76
https://www.guyshavit.com/post/cve-2025-4222
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve
Configurations

No configuration.

History

13 May 2025, 18:15

Type Values Removed Values Added
References
  • () https://www.guyshavit.com/post/cve-2025-4222 -

05 May 2025, 20:54

Type Values Removed Values Added
Summary
  • (es) El complemento Database Toolset para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.8.4 incluida, a través de archivos de copia de seguridad almacenados en una ubicación de acceso público. Esto permite a atacantes no autenticados extraer información confidencial de los archivos de copia de seguridad de la base de datos. Existe un archivo de índice, por lo que un ataque de fuerza bruta tendría que tener éxito para comprometer los datos.

03 May 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-03 03:15

Updated : 2025-05-13 18:15

NVD link : CVE-2025-4222

Mitre link : CVE-2025-4222

CVE.ORG link : CVE-2025-4222

JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor