CVE-2025-3897

Name of the Vulnerable Software and Affected Versions EUCookieLaw plugin for WordPress versions up to and including 2.7.2

Description The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, potentially containing sensitive information, via the file get contents function. This can be exploited if a caching plugin, such as W3 Total Cache, is installed and activated.

Recommendations For EUCookieLaw plugin for WordPress versions up to and including 2.7.2, consider disabling the plugin until a patch is available to prevent exploitation. Additionally, restrict access to sensitive files on the server to minimize the risk of information disclosure. As a temporary workaround, consider disabling caching plugins like W3 Total Cache to reduce the vulnerability's impact.