{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3897", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-23T15:56:17.104Z", "datePublished": "2025-05-09T11:11:19.819Z", "dateUpdated": "2026-04-08T17:25:36.362Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:36.362Z"}, "affected": [{"vendor": "diego-la-monica", "product": "EUCookieLaw", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.7.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated."}], "title": "EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d360de79-8490-4e70-b2d9-4f01a1ed3305?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/eucookielaw/trunk/templates/EUCookieCache.php#L26"}, {"url": "https://plugins.trac.wordpress.org/changeset/3288917/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Nicolai Hellesnes"}], "timeline": [{"time": "2025-05-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-09T14:37:20.035129Z", "id": "CVE-2025-3897", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T14:39:27.329Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3897", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-09T14:37:20.035129Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-09T14:37:48.833Z"}}], "cna": {"title": "EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Nicolai Hellesnes"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "diego-la-monica", "product": "EUCookieLaw", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.7.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-08T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d360de79-8490-4e70-b2d9-4f01a1ed3305?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/eucookielaw/trunk/templates/EUCookieCache.php#L26"}, {"url": "https://plugins.trac.wordpress.org/changeset/3288917/"}], "descriptions": [{"lang": "en", "value": "The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:36.362Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3897", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:25:36.362Z", "dateReserved": "2025-04-23T15:56:17.104Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-09T11:11:19.819Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated."}, {"lang": "es", "value": "El complemento EUCookieLaw para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 2.7.2 incluida, mediante la funci\u00f3n 'file_get_contents'. Esto permite a atacantes no autenticados leer el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial. Esta vulnerabilidad solo se puede explotar si se instala y activa un complemento de cach\u00e9 como W3 Total Cache."}], "id": "CVE-2025-3897", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-09T12:15:33.370", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/eucookielaw/trunk/templates/EUCookieCache.php#L26"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3288917/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d360de79-8490-4e70-b2d9-4f01a1ed3305?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:52:15.215800+00:00", "value": {"mitigation_remediation": ["Upgrade the EUCookieLaw plugin to version 2.7.3 or later, which removes the vulnerable file_get_contents call.", "Remove or disable any caching plugin such as W3 Total Cache while the vulnerable EUCookieLaw version is in use.", "If an upgrade is not immediately possible, restrict the file system permissions for the WordPress content directory and consider implementing a web application firewall rule that blocks requests routed to EUCookieLaw\u2019s cache endpoint."], "summary": {"action": "Patch Now", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The issue affects WordPress sites that have installed the EUCookieLaw plugin versions 2.7.2 or earlier. The plugin must be used in conjunction with a caching solution \u2013 for example, W3 Total Cache \u2013 that is enabled during the attack window. Sites running an older version of the plugin combined with an active caching plugin are therefore at risk.", "description_and_impact": "The EUCookieLaw plugin for WordPress contains a flaw that allows an attacker to read the contents of any file on the server. The vulnerability arises from an unvalidated use of the 'file_get_contents' function and is classified as CWE\u201122. If exploited, a malicious user can obtain sensitive files such as configuration data, passwords, or other confidential information, compromising the confidentiality of the site.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a medium severity vulnerability. The EPSS score is less than 1% and the issue is not listed in CISA\u2019s KEV catalog, suggesting that widespread exploitation is unlikely at present. Nevertheless, the attack vector requires an unauthenticated user to trigger the plugin\u2019s file read logic while a caching plugin is active, making the vulnerability easier to exploit on sites that have both components installed."}}}}, "created": "2026-04-20T23:00:14.171712+00:00", "updated": "2026-04-20T23:00:14.171741+00:00", "vendors": []}