{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6082", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-13T18:48:39.523Z", "datePublished": "2025-07-22T09:22:43.204Z", "dateUpdated": "2026-04-08T16:49:43.535Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:43.535Z"}, "affected": [{"vendor": "mia4", "product": "Birth Chart Compatibility", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."}], "title": "Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4607dca0-d3b7-4fca-8f89-a0a739bd7551?source=cve"}, {"url": "https://plugins.svn.wordpress.org/birth-chart-compatibility/trunk/index.php"}, {"url": "https://wordpress.org/plugins/birth-chart-compatibility/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Amin Beheshti"}], "timeline": [{"time": "2025-07-21T20:51:01.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-22T13:23:04.077099Z", "id": "CVE-2025-6082", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T13:23:24.582Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6082", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-22T13:23:04.077099Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-22T13:23:07.442Z"}}], "cna": {"title": "Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure", "credits": [{"lang": "en", "type": "finder", "value": "Amin Beheshti"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "mia4", "product": "Birth Chart Compatibility", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-21T20:51:01.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4607dca0-d3b7-4fca-8f89-a0a739bd7551?source=cve"}, {"url": "https://plugins.svn.wordpress.org/birth-chart-compatibility/trunk/index.php"}, {"url": "https://wordpress.org/plugins/birth-chart-compatibility/"}], "descriptions": [{"lang": "en", "value": "The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:49:43.535Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6082", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:49:43.535Z", "dateReserved": "2025-06-13T18:48:39.523Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-22T09:22:43.204Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website."}, {"lang": "es", "value": "El complemento Birth Chart Compatibility para WordPress es vulnerable a Full Path Disclosure en todas las versiones hasta la 2.0 incluida. Esto se debe a una protecci\u00f3n insuficiente contra el acceso directo al archivo index.php del complemento, lo que provoca un error que expone la ruta completa. Esto permite que atacantes no autenticados obtengan la ruta completa de la aplicaci\u00f3n web, lo que puede utilizarse para otros ataques. La informaci\u00f3n mostrada no es \u00fatil por s\u00ed sola y requiere otra vulnerabilidad para que se produzcan da\u00f1os en el sitio web afectado."}], "id": "CVE-2025-6082", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-22T10:15:25.443", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/birth-chart-compatibility/trunk/index.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/birth-chart-compatibility/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4607dca0-d3b7-4fca-8f89-a0a739bd7551?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:38:56.398260+00:00", "value": {"mitigation_remediation": ["Upgrade the Birth Chart Compatibility plugin to the latest version where the vulnerability has been fixed.", "If an upgrade is not possible, permanently delete or disable the plugin to eliminate the exposure.", "As a temporary protective measure, block direct HTTP access to the plugin directory (e.g., using .htaccess rules or firewall rules) so that unauthenticated requests cannot trigger the index.php error."], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The affected product is the Birth Chart Compatibility plugin for WordPress, produced by mia4. Versions up to and including 2.0 are vulnerable. No later releases are known to contain the issue based on the current advisory.", "description_and_impact": "The Birth Chart Compatibility WordPress plugin is vulnerable to Full Path Disclosure in all releases up to and including version 2.0. The flaw arises from insufficient protection against direct access to the plugin's index.php file, which triggers an error that reveals the server's absolute file path. This disclosure falls under information\u2011disclosure weaknesses (CWE-200) and can assist attackers in locating application files, but it does not in itself cause direct damage; an attacker would need a separate vulnerability to exploit further.", "risk_and_exploitability": "With a CVSS score of 5.3, the risk is moderate. The EPSS score of 4% indicates a small but non\u2011negligible likelihood of exploitation in the wild, and the vulnerability is not currently catalogued in the CISA KEV list. Exploitation is straightforward: a remote, unauthenticated attacker can issue an HTTP request to the plugin's index.php path, causing the server to return an error page that leaks the full file system path. Because the disclosed path alone does not compromise confidentiality, integrity, or availability, the threat is primarily to support other attacks and should be mitigated promptly."}}}}, "created": "2025-07-23T20:19:27.433501+00:00", "updated": "2026-04-21T19:45:16.077210+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}