{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6070", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-13T14:24:54.975Z", "datePublished": "2025-06-14T08:23:25.593Z", "dateUpdated": "2026-04-08T16:59:43.772Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:43.772Z"}, "affected": [{"vendor": "josxha", "product": "Restrict File Access", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-06-13T19:37:23.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T16:45:57.980078Z", "id": "CVE-2025-6070", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-17T18:39:04.398Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6070", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-16T16:45:57.980078Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T16:47:12.450Z"}}], "cna": {"title": "Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "josxha", "product": "Restrict File Access", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-13T19:37:23.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77"}], "descriptions": [{"lang": "en", "value": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:59:43.772Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6070", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:59:43.772Z", "dateReserved": "2025-06-13T14:24:54.975Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-14T08:23:25.593Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Restrict File Access para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 1.1.2 incluida, a trav\u00e9s de la funci\u00f3n output(). Esto permite que atacantes autenticados, con acceso de suscriptor o superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-6070", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-14T09:15:25.180", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/url_rewrite/url_rewrite.php#L77"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e9eec61-bf51-4cf7-b567-58ee2ccd91c5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:14:24.394122+00:00", "value": {"mitigation_remediation": ["Upgrade the Restrict File Access plugin to version 1.1.3 or later, which removes the output() directory traversal pathway.", "If an upgrade is not immediately possible, uninstall or disable the plugin to eliminate the vector.", "Restrict Subscriber and higher roles to only those users who genuinely need access, and audit role assignments to minimize the number of accounts capable of triggering the flaw.", "Apply general input validation best practices to any custom code that might manipulate file paths, ensuring paths are canonicalized and confined within allowed directories."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read (Authenticated)"}, "threat_synthesis": {"affected_systems": "All installations of the Restrict File Access plugin distributed by josxha, for WordPress sites, are affected when the plug\u2011in version is 1.1.2 or older. Users who have installed the 1.1.2 release or any earlier version of the plugin are susceptible regardless of other security hardening measures.", "description_and_impact": "The Restrict File Access WordPress plugin is vulnerable to directory traversal through its output() function, allowing an attacker who is authenticated with a Subscriber account or higher to read any file on the server. This flaw can expose sensitive data such as configuration files or private user information, potentially compromising the confidentiality of site content and backend data. The weakness is formally classified as CWE-22.", "risk_and_exploitability": "The CVSS score of 6.5 places this flaw in the medium severity range, and the EPSS score of 1% indicates a low but non\u2011zero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread active exploitation is publicly documented. Attackers must first authenticate to the WordPress site with at least Subscriber\u2011level privileges, which is the likely vector, and then exploit the traversal flaw to read arbitrary files. The impact is limited to information disclosure rather than full compromise, but the ability to obtain confidential files can still lead to significant damage."}}}}, "created": "2026-04-21T20:15:44.580697+00:00", "updated": "2026-04-21T20:15:44.580707+00:00", "vendors": []}