PT-2025-18740 · WordPress · Yame | Link In Bio
Avraham Shemesh
·
Published
2025-05-02
·
Updated
2025-05-02
·
CVE-2025-2880
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
The Yame | Link In Bio plugin for WordPress versions 0.9.0 and earlier
Description
The issue allows unauthenticated attackers to view potentially sensitive information contained in an exposed file through the publicly accessible phpinfo.php script.
Recommendations
For versions 0.9.0 and earlier, consider removing or restricting access to the phpinfo.php script to minimize the risk of sensitive information exposure until a patch is available.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yame | Link In Bio