The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to,…
Wordfence·CWE-36·Published 2025-07-24
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.1 | Primary | cve.org | 4.9 | — | — | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| 3.1 | Secondary | NVD | 4.9 | 1.2 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |