{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4222", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-02T13:15:21.042Z", "datePublished": "2025-05-03T01:43:08.183Z", "dateUpdated": "2026-04-08T17:34:20.546Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:20.546Z"}, "affected": [{"vendor": "neoslab", "product": "Database Toolset", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.8.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data."}], "title": "Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76"}, {"url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247"}, {"url": "https://www.guyshavit.com/post/cve-2025-4222"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Guy Shavit"}], "timeline": [{"time": "2025-05-02T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-05T14:40:32.888193Z", "id": "CVE-2025-4222", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T14:57:43.828Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-05T14:40:32.888193Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-05T14:40:34.352Z"}}], "cna": {"title": "Database Toolset <= 1.8.4 - Unauthenticated Sensitive Information Exposure via Backup Files", "credits": [{"lang": "en", "type": "finder", "value": "Guy Shavit"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "neoslab", "product": "Database Toolset", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.8.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-02T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76"}, {"url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247"}, {"url": "https://www.guyshavit.com/post/cve-2025-4222"}], "descriptions": [{"lang": "en", "value": "The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:20.546Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4222", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:20.546Z", "dateReserved": "2025-05-02T13:15:21.042Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-03T01:43:08.183Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data."}, {"lang": "es", "value": "El complemento Database Toolset para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.8.4 incluida, a trav\u00e9s de archivos de copia de seguridad almacenados en una ubicaci\u00f3n de acceso p\u00fablico. Esto permite a atacantes no autenticados extraer informaci\u00f3n confidencial de los archivos de copia de seguridad de la base de datos. Existe un archivo de \u00edndice, por lo que un ataque de fuerza bruta tendr\u00eda que tener \u00e9xito para comprometer los datos."}], "id": "CVE-2025-4222", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-03T03:15:29.217", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76"}, {"source": "security@wordfence.com", "url": "https://www.guyshavit.com/post/cve-2025-4222"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:58:33.269137+00:00", "value": {"mitigation_remediation": ["Upgrade the Database Toolset plugin to version 1.8.5 or later as soon as a fix is available.", "Move all backup directories to a non\u2011publicly accessible location and secure them with proper file permissions (e.g., 700) to prevent direct downloads.", "Delete or restrict access to any existing backup files, including the index file, and revoke any exposed URLs through web server configuration (e.g., .htaccess or Nginx deny rules)."], "summary": {"action": "Assess Impact", "impact": "Sensitive Information Exposure"}, "threat_synthesis": {"affected_systems": "Vendors and products affected are neoslab's Database Toolset plugin for WordPress. The vulnerability exists in all releases up to and including version 1.8.4. Users running those versions should verify the installed version and upgrade if possible.", "description_and_impact": "The Database Toolset WordPress plugin stores database backup files in a publicly accessible location, allowing an unauthenticated attacker to read these files. The vulnerability is a classic case of sensitive information exposure (CWE-200), where backup files may contain the entire database contents, including configuration data, user credentials, and other confidential information. The impact is a loss of confidentiality, potentially leading to data leaks or further compromise if the attacker uses the backup for subsequent attacks.", "risk_and_exploitability": "The CVSS score of 5.9 indicates a moderate severity. The EPSS score is less than 1%, suggesting a low probability of exploitation at the time of analysis, and the vulnerability is not listed in CISA\u2019s KEV catalog. Attackers must acquire the accurate file name to download a backup; an index file is present, but enumeration would require success in a brute\u2011force search. The attack vector is remote, unauthenticated, and relies on file disclosure. While the exploitation is technically straightforward once the file is located, the low availability of the file path keeps overall risk moderate."}}}}, "created": "2026-04-20T23:00:14.176478+00:00", "updated": "2026-04-20T23:00:14.176489+00:00", "vendors": []}