CVE-2025-2056
Published: 14 March 2025
Summary
CVE-2025-2056 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Wpplugins Hide My Wp Ghost. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 30.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress contains a path traversal vulnerability in the showFile function that affects all versions through 5.4.01. The flaw, classified as CWE-23 (Relative Path Traversal), permits an unauthenticated network attacker to supply crafted input that results in disclosure of the contents of specific file types stored on the server.
Exploitation requires neither credentials nor user interaction; an attacker can leverage the issue to obtain sensitive information residing in the readable files. This is reflected in the CVSS 7.5 score, which combines high confidentiality impact with low attack complexity.
The EPSS score currently stands at 0.0058, having risen from a lower baseline after public disclosure to a recorded peak of 0.0129, indicating increased exploitation interest. The referenced Wordfence advisory and the plugin source listing for version 5.4.02 are the primary public references for the issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-6427
Vulnerability details
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Path traversal in a public-facing WordPress plugin enables remote unauthenticated file read. This maps directly to T1190 (Exploit Public-Facing Application) for exploitation of the web application and to T1005 (Data from Local System) for collection of sensitive data from local files such as configuration files and stored credentials.
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mitigates the path traversal vulnerability by requiring identification, reporting, and correction of the flaw in the WP Ghost plugin through patching to version 5.4.02.
- SI-10 (Information Input Validation): Prevents exploitation of the showFile function by validating file path inputs to block directory traversal sequences like '../'.
- Enforces access control policies to restrict unauthenticated logical access to sensitive files, addressing the bypass in the plugin's file access restrictions.
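As an added example (not the WP Ghost plugin's own code), the following PHP shows the kind of input validation the SI-10 control above describes: a file-serving helper that canonicalises the requested path and refuses anything that resolves outside an allowlisted directory or is not one of the permitted file types. The function name resolve_asset, the directory layout and the sample files are constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Names and layout are hypothetical.

const ALLOWED_EXTENSIONS = ['css', 'js']; // only these file types may be served

/**
 * Return the canonical path of a requested asset, or null if the request
 * must be refused. $baseDir is the only directory files may be read from.
 */
function resolve_asset(string $baseDir, string $requested): ?string
{
    // Reject empty names, embedded null bytes and absolute paths outright;
    // none of these is a legitimate asset name.
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested[0] === '/' || $requested[0] === '\\') {
        return null;
    }
    // Extension allowlist: the plugin should never serve e.g. .php files.
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Canonicalise both sides. realpath() collapses '../' segments and
    // symlinks, and returns false when the target does not exist.
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false) {
        return null;
    }
    // Containment check: the resolved file must sit inside the base directory.
    if (strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demonstration tree: one legitimate asset plus a stand-in for a
// sensitive file one level above the served directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'ghost_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/assets', 0700, true);
file_put_contents($root . '/assets/style.css', 'body{}');
file_put_contents($root . '/wp-config.php', '<?php // constructed stand-in, not a real config');

// A normal request, a '../' traversal, a null-byte truncation attempt and a
// disallowed file type; only the first should resolve.
foreach (['style.css', '../wp-config.php', "style.css\0.php", 'style.php'] as $req) {
    $resolved = resolve_asset($root . '/assets', $req);
    printf("%-20s => %s\n", str_replace("\0", '\\0', $req), $resolved === null ? 'refused' : 'served');
}
```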