CVE-2025-2056
Published: 14 March 2025
Summary
CVE-2025-2056 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Wpplugins Hide My Wp Ghost. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 26.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the path traversal vulnerability by requiring identification, reporting, and correction of the flaw in the WP Ghost plugin through patching to version 5.4.02.
Prevents exploitation of the showFile function by validating file path inputs to block directory traversal sequences like '../'.
Enforces access control policies to restrict unauthenticated logical access to sensitive files, addressing the bypass in the plugin's file access restrictions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path traversal in public-facing WordPress plugin enables remote unauthenticated file read, directly mapping to T1190 for exploitation of the web application and T1005 for collection of sensitive data from local system files like configs and credentials.
NVD Description
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read…
more
the contents of specific file types on the server, which can contain sensitive information.
Deeper analysisAI
CVE-2025-2056 is a path traversal vulnerability (CWE-23) affecting the WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress in all versions up to and including 5.4.01. The flaw exists in the showFile function within the plugin's Files.php model, enabling attackers to bypass intended file access restrictions and read the contents of specific file types on the server. These files may contain sensitive information, with the vulnerability rated at a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating high confidentiality impact.
Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no user interaction required. By sending crafted requests to the vulnerable showFile function, they can traverse directory paths to access and disclose sensitive files, potentially exposing configuration data, credentials, or other critical information hosted on the WordPress server.
Advisories reference a patch in version 5.4.02 of the plugin, as indicated by the WordPress plugin trac browser at line 336 in models/Files.php. The Wordfence threat intelligence page provides further details on the vulnerability (ID: f43db496-80ea-442c-9417-7aa03ec95f02), recommending immediate updates to mitigate the issue. Security practitioners should verify installations and apply the latest plugin version to prevent exploitation.
Details
- CWE(s)