PT-2025-31734 · WordPress · Bitfire Security – Firewall
Aurélien Bourdois · Published 2025-08-02 · Updated 2025-08-25
CVE-2025-6722
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security versions prior to 4.6
Description
The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is susceptible to sensitive information exposure. The bitfire * directory, created by the plugin, stores potentially sensitive files without access restrictions, allowing unauthenticated attackers to extract data from files such as config.ini and debug.log.
Recommendations
Update to version 4.6 or later.
Fix
Information Disclosure
Affected Products
Bitfire Security – Firewall