CVE-2025-4222

The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247
https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76
https://www.guyshavit.com/post/cve-2025-4222
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve

Configurations

No configuration.

History

13 May 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-03 03:15

Updated : 2025-05-13 18:15

NVD link : CVE-2025-4222

Mitre link : CVE-2025-4222

CVE.ORG link : CVE-2025-4222

JSON object : View

Products Affected

No product.

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2025-4222", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2025-05-03T03:15:29.217", "references": [{"url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-admin.php#L247", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/browser/database-toolset/trunk/admin/class-database-toolset-backup.php#L76", "source": "security@wordfence.com"}, {"url": "https://www.guyshavit.com/post/cve-2025-4222", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fa452a9a-9e26-41a1-8dea-4bafaf735bee?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data."}, {"lang": "es", "value": "El complemento Database Toolset para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.8.4 incluida, a trav\u00e9s de archivos de copia de seguridad almacenados en una ubicaci\u00f3n de acceso p\u00fablico. Esto permite a atacantes no autenticados extraer informaci\u00f3n confidencial de los archivos de copia de seguridad de la base de datos. Existe un archivo de \u00edndice, por lo que un ataque de fuerza bruta tendr\u00eda que tener \u00e9xito para comprometer los datos."}], "lastModified": "2025-05-13T18:15:41.657", "sourceIdentifier": "security@wordfence.com"}