CVE-2025-6082 (CNNVD-202507-2862)
中文标题:
WordPress plugin Birth Chart Compatibility 信息泄露漏洞
英文标题:
Birth Chart Compatibility <= 2.0 - Unauthenticated Full Path Exposure
漏洞描述
中文描述:
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin Birth Chart Compatibility 2.0及之前版本存在信息泄露漏洞,该漏洞源于直接访问index.php文件导致完整路径泄露,可能辅助其他攻击。
英文描述:
The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| mia4 | Birth Chart Compatibility | - | ≤ 2.0 | - |
cpe:2.3:a:mia4:birth_chart_compatibility:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2025-6082 |
2025-11-11 15:23:34 | 2025-11-11 07:40:47 |
| NVD | nvd_CVE-2025-6082 |
2025-11-11 15:00:57 | 2025-11-11 07:48:34 |
| CNNVD | cnnvd_CNNVD-202507-2862 |
2025-11-11 15:12:51 | 2025-11-11 08:00:01 |
| EXPLOITDB | exploitdb_EDB-52419 |
2025-11-11 15:05:28 | 2025-11-11 09:02:42 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 3 -> 6
- tags_count: 0 -> 3
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> 信息泄露
- cnnvd_id: 未提取 -> CNNVD-202507-2862
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- data_sources: ['cve'] -> ['cve', 'nvd']