{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6381", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-19T18:45:51.733Z", "datePublished": "2025-06-28T03:21:59.274Z", "dateUpdated": "2026-04-08T17:15:26.691Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:26.691Z"}, "affected": [{"vendor": "beeteam368", "product": "BeeTeam368 Extensions", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.3.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover."}], "title": "BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve"}, {"url": "https://themeforest.net/item/vidmov-video-wordpress-theme/35542187"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-36 Absolute Path Traversal", "cweId": "CWE-36", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "timeline": [{"time": "2025-06-20T19:26:03.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-06-27T14:26:26.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-30T16:19:07.742741Z", "id": "CVE-2025-6381", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T16:19:16.241Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6381", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-30T16:19:07.742741Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-30T16:19:13.494Z"}}], "cna": {"title": "BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Tonn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "beeteam368", "product": "BeeTeam368 Extensions", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.3.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-20T19:26:03.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-06-27T14:26:26.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve"}, {"url": "https://themeforest.net/item/vidmov-video-wordpress-theme/35542187"}], "descriptions": [{"lang": "en", "value": "The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:26.691Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6381", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:15:26.691Z", "dateReserved": "2025-06-19T18:45:51.733Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-28T03:21:59.274Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:beeteam368:vidmov:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "258C7067-CEA9-4017-BCD2-1A7AF3DBAC30", "versionEndExcluding": "2.3.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover."}, {"lang": "es", "value": "El complemento BeeTeam368 Extensions para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 2.3.4 incluida, a trav\u00e9s de la funci\u00f3n handle_remove_temp_file(). Esto permite a atacantes autenticados, con acceso de suscriptor o superior, realizar acciones en archivos fuera del directorio original. Esta vulnerabilidad puede utilizarse para eliminar el archivo wp-config.php, lo que puede utilizarse para robar el sitio web."}], "id": "CVE-2025-6381", "lastModified": "2025-07-07T15:24:28.070", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-06-28T04:15:46.110", "references": [{"source": "security@wordfence.com", "tags": ["Product", "Release Notes"], "url": "https://themeforest.net/item/vidmov-video-wordpress-theme/35542187"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aed40456-43c3-4647-9bce-e7c6139c84cd?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-36"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:24:51.719615+00:00", "value": {"mitigation_remediation": ["Upgrade BeeTeam368 Extensions to a version newer than 2.3.4.", "Reduce the number of active Subscriber accounts or limit their file\u2011system access.", "Configure file permissions to prevent deletion of wp-config.php and harden the WordPress filesystem."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary file deletion"}, "threat_synthesis": {"affected_systems": "Systems running the BeeTeam368 Extensions plugin on WordPress with versions up to and including 2.3.4 are impacted. This includes any websites that have installed this plugin in those revisions and maintain WordPress environments where subscriber accounts exist.", "description_and_impact": "The vulnerability is a directory traversal flaw in the handle_remove_temp_file() function of the BeeTeam368 Extensions plugin for WordPress. It allows authenticated users with Subscriber-level access or higher to obtain file paths outside the intended upload directory. By exploiting this flaw, an attacker can delete critical files such as wp-config.php, which can lead to a site takeover. The weakness corresponds to CWE-36, illustrating improper validation of file paths.", "risk_and_exploitability": "The CVSS base score of 8.8 indicates high severity. EPSS indicates a very low probability of exploitation (<1%) but that does not negate the potential impact when subscriber accounts are present. The vulnerability is not listed in CISA KEV. Exploitation requires the attacker to be logged in with at least subscriber privileges, after which a crafted request invoking handle_remove_temp_file() can traverse directories and delete arbitrary files. Once wp-config.php is removed, the remaining user can take full control of the site."}}}}, "created": "2025-07-13T21:48:25.444846+00:00", "updated": "2026-04-20T20:30:16.072038+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}