{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T22:58:13.855","vulnerabilities":[{"cve":{"id":"CVE-2025-6722","sourceIdentifier":"security@wordfence.com","published":"2025-08-02T10:15:25.310","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more when directory listing is enabled on the server and the ~/wp-content/plugins/index.php file is missing or ignored."},{"lang":"es","value":"El complemento BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security para WordPress es vulnerable a la Exposición de Información Sensible en todas las versiones hasta la 4.5 incluida, a través del directorio bitfire_*, que se crea automáticamente y almacena archivos potencialmente sensibles sin restricciones de acceso. Esto permite a atacantes no autenticados extraer información sensible de diversos archivos como config.ini, debug.log, etc."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3334399%40bitfire&new=3334399%40bitfire&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3335461%40bitfire&new=3335461%40bitfire&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/72320980-733d-4fe6-9a13-39c476b77298?source=cve","source":"security@wordfence.com"}]}}]}