{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T13:25:23.058","vulnerabilities":[{"cve":{"id":"CVE-2025-4222","sourceIdentifier":"security@wordfence.com","published":"2025-05-03T03:15:29.217","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data."},{"lang":"es","value":"El complemento Database Toolset para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 1.8.4 incluida, a través de archivos de copia de seguridad almacenados en una ubicación de acceso público. Esto permite a atacantes no autenticados extraer información confidencial de los archivos de copia de seguridad de la base de datos. Existe un archivo de índice, por lo que un ataque de fuerza bruta tendría que tener éxito para comprometer los datos."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76","source":"security@wordfence.com"},{"url":"https://www.guyshavit.com/post/cve-2025-4222","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve","source":"security@wordfence.com"}]}}]}