PT-2025-30640 · WordPress · The Security Ninja – Wordpress Security Plugin & Firewall

Published

2025-07-24

Updated

2025-08-08

CVE-2025-8009

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions The Security Ninja – WordPress Security Plugin & Firewall versions prior to 5.243

Description The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This allows authenticated attackers with Administrator-level access or higher to extract sensitive data, including the contents of any file on the server, through the get file source function.

Recommendations Update The Security Ninja – WordPress Security Plugin & Firewall to version 5.243 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-36

Related Identifiers

CVE-2025-8009

Affected Products

The Security Ninja – Wordpress Security Plugin & Firewall

CVE-2025-8009

Weakness Enumeration

Related Identifiers

Affected Products

References · 7