CVE-2025-6082
BaseFortify
Publication date: 2025-07-22
Last updated on: 2025-07-22
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | birth_chart_compatibility | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Birth Chart Compatibility plugin for WordPress allows unauthenticated attackers to access the plugin's index.php file directly, causing an error that exposes the full file path of the web application. This is known as Full Path Disclosure. While the exposed information alone is not harmful, it can be used by attackers to facilitate other attacks if additional vulnerabilities exist.
How can this vulnerability impact me? :
This vulnerability can impact you by revealing the full path of your web application to unauthenticated attackers. Although this information is not directly damaging, it can assist attackers in planning and executing further attacks if other vulnerabilities are present on your website.