CVE-2025-2056

High

Published: 14 March 2025

Modified: 20 June 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0058 (69.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-2056 is a high-severity Relative Path Traversal (CWE-23) vulnerability in Wpplugins Hide My Wp Ghost. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 30.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress contains a path traversal vulnerability in the showFile function that affects all versions through 5.4.01. The flaw, tracked as CWE-23, permits an unauthenticated network attacker to supply crafted input that results in disclosure of the contents of specific file types stored on the server.

An attacker needs no credentials or user interaction and can use the issue to obtain sensitive information that may reside in the readable files. This corresponds to the CVSS 7.5 rating, which reflects high confidentiality impact with low attack complexity.

The EPSS score, currently 0.0058, rose from a lower baseline to a recorded peak of 0.0129, indicating increased exploitation interest after public disclosure. The referenced Wordfence advisory and the plugin source listing for version 5.4.02 are the primary public references for the issue.

Vulnerability details

The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005: Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Path traversal in a public-facing WordPress plugin enables remote unauthenticated file read, which maps directly to T1190 (exploitation of the web application) and T1005 (collection of sensitive data from local system files such as configs and credentials).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-26909 (same product: Wpplugins Hide My Wp Ghost)
CVE-2025-27553 (shared CWE-23)
CVE-2026-43533 (shared CWE-23)
CVE-2025-55747 (shared CWE-23)
CVE-2025-20059 (shared CWE-23)
CVE-2026-1022 (shared CWE-23)
CVE-2025-27610 (shared CWE-23)
CVE-2024-56340 (shared CWE-23)
CVE-2026-5422 (shared CWE-23)
CVE-2026-41551 (shared CWE-23)

Affected Assets

Vendor: wpplugins
Product: hide my wp ghost
Version: ≤ 5.4.02

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent: Directly mitigates the path traversal vulnerability by requiring identification, reporting, and correction of the flaw in the WP Ghost plugin through patching to version 5.4.02.

prevent: Prevents exploitation of the showFile function by validating file path inputs to block directory traversal sequences like '../'.

prevent: Enforces access control policies to restrict unauthenticated logical access to sensitive files, addressing the bypass in the plugin's file access restrictions.
