Name of the Vulnerable Software and Affected Versions:

BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security versions prior to 4.6

Description:

The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is susceptible to sensitive information exposure. The `bitfire *` directory, created by the plugin, stores potentially sensitive files without access restrictions, allowing unauthenticated attackers to extract data from files such as `config.ini` and `debug.log`.

Recommendations:

Update to version 4.6 or later.