{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7518", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-11T21:09:28.884Z", "datePublished": "2025-07-12T09:24:28.763Z", "dateUpdated": "2026-04-08T17:34:57.914Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:57.914Z"}, "affected": [{"vendor": "rsjoomla", "product": "RSFirewall!", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.42", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7b0eef-3b8e-4272-bbd7-ad52088d0835?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3306173%40rsfirewall&new=3306173%40rsfirewall&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Robert Kruczek"}, {"lang": "en", "type": "finder", "value": "Kamil Szczurowski"}], "timeline": [{"time": "2025-07-11T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-14T14:13:01.371219Z", "id": "CVE-2025-7518", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-14T20:11:48.460Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7518", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-14T14:13:01.371219Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-14T14:40:23.000Z"}}], "cna": {"title": "RSFirewall! <= 1.1.42 - Authenticated (Admin+) Arbitrary File Read", "credits": [{"lang": "en", "type": "finder", "value": "Robert Kruczek"}, {"lang": "en", "type": "finder", "value": "Kamil Szczurowski"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "rsjoomla", "product": "RSFirewall!", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.42"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-11T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7b0eef-3b8e-4272-bbd7-ad52088d0835?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3306173%40rsfirewall&new=3306173%40rsfirewall&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:34:57.914Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7518", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:34:57.914Z", "dateReserved": "2025-07-11T21:09:28.884Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-12T09:24:28.763Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento RSFirewall! para WordPress es vulnerable a la traves\u00eda de rutas en todas las versiones hasta la 1.1.42 incluida, mediante la funci\u00f3n get_local_filename(). Esto permite a atacantes autenticados, con acceso de administrador o superior, leer el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-7518", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-12T10:15:26.217", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3306173%40rsfirewall&new=3306173%40rsfirewall&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7b0eef-3b8e-4272-bbd7-ad52088d0835?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:19:25.831751+00:00", "value": {"mitigation_remediation": ["Upgrade RSFirewall! to the latest version (\u22651.1.43) or later that contains the path traversal fix.", "Disable or uninstall the plugin if it is not required for site functionality.", "If the plugin must remain, enforce stricter file permissions or use a security plugin to block or audit requests for sensitive files."], "summary": {"action": "Patch Update", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "The flaw affects all versions of RSFirewall! for WordPress up to and including 1.1.42, distributed by the rsjoomla organization. WordPress sites that have installed any of these affected plugin versions are at risk.", "description_and_impact": "The RSFirewall! plugin contains a path traversal flaw in the get_local_filename() function, allowing authenticated attackers with administrator or higher privileges to read the contents of arbitrary files on the server. This can expose sensitive configuration, credential, and code files. The vulnerability is classified as CWE-22.", "risk_and_exploitability": "The CVSS score of 4.9 indicates moderate severity, but the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. Because the attack requires administrator-level authentication, the risk is confined to sites where an attacker can gain such access. The vulnerability has not been listed in CISA KEV catalogues and is not yet widely exploited, though any privileged user could leverage it to read any file readable by the web server process."}}}}, "created": "2025-07-12T23:05:31.024836+00:00", "updated": "2026-04-20T20:30:16.066628+00:00", "vendors": ["rsjoomla", "rsjoomla$PRODUCT$rsfirewall!", "wordpress", "wordpress$PRODUCT$wordpress"]}