Skip to main content

CVE-2025-2880: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in yame Yame | Link In Bio

Medium
VulnerabilityCVE-2025-2880cvecve-2025-2880cwe-200
Published: Fri May 02 2025 (05/02/2025, 01:43:36 UTC)
Source: CVE
Vendor/Project: yame
Product: Yame | Link In Bio

Description

The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.

AI-Powered Analysis

AILast updated: 06/26/2025, 02:15:21 UTC

Technical Analysis

CVE-2025-2880 is a medium severity vulnerability affecting the Yame | Link In Bio WordPress plugin, versions up to and including 0.9.0. The vulnerability arises from the presence of a publicly accessible phpinfo.php script within the plugin's installation. This script exposes detailed PHP environment information, including server configuration, loaded modules, environment variables, and potentially sensitive data such as database connection details, API keys, or other credentials if they are present in the environment or configuration files. Because the script is accessible without authentication or user interaction, any unauthenticated attacker can retrieve this information simply by accessing the phpinfo.php endpoint on a vulnerable WordPress site. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The CVSS 3.1 base score is 5.3, reflecting a medium severity level, with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impact limited to confidentiality (C:L) without affecting integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting that mitigation may require manual removal or restriction of access to the phpinfo.php script or plugin updates once available. The vulnerability does not allow direct code execution or system compromise but can aid attackers in reconnaissance and subsequent targeted attacks by revealing sensitive configuration details that could facilitate privilege escalation or lateral movement within the affected environment.

Potential Impact

For European organizations, this vulnerability poses a risk primarily related to confidentiality breaches. Exposure of sensitive server and application configuration details can enable attackers to craft more effective attacks, such as exploiting other vulnerabilities, credential theft, or unauthorized access. Organizations handling personal data under GDPR must be particularly cautious, as leakage of environment variables or credentials could lead to data breaches with regulatory and reputational consequences. The vulnerability affects WordPress sites using the Yame | Link In Bio plugin, which is popular among social media managers, marketing teams, and small to medium enterprises for managing link aggregation. If exploited, attackers could gain insights into the hosting environment, potentially facilitating further attacks like SQL injection, cross-site scripting, or privilege escalation. Although the vulnerability itself does not directly compromise integrity or availability, the information disclosed can be leveraged in multi-stage attacks. Given the widespread use of WordPress in Europe and the increasing reliance on social media marketing tools, the vulnerability could impact a broad range of sectors including retail, media, and professional services. The lack of required authentication and user interaction increases the risk of automated scanning and exploitation attempts.

Mitigation Recommendations

1. Immediate mitigation should involve restricting access to the phpinfo.php script by removing or renaming the file if it is not required for operational purposes. 2. Implement web server access controls (e.g., .htaccess rules for Apache or equivalent for Nginx) to limit access to the phpinfo.php endpoint to trusted IP addresses or authenticated users only. 3. Monitor web server logs for any access attempts to phpinfo.php or unusual scanning activity targeting this endpoint. 4. Update the Yame | Link In Bio plugin to a patched version once released by the vendor. Until then, consider disabling or uninstalling the plugin if the phpinfo.php script cannot be secured. 5. Conduct a thorough review of the server environment to ensure no sensitive credentials or secrets are exposed in environment variables or configuration files accessible via phpinfo.php. 6. Employ web application firewalls (WAFs) to detect and block requests to sensitive endpoints like phpinfo.php. 7. Educate site administrators about the risks of exposing diagnostic scripts publicly and enforce secure development and deployment practices to avoid inclusion of such scripts in production environments.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-03-27T19:25:40.845Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d9838c4522896dcbebdf2

Added to database: 5/21/2025, 9:09:12 AM

Last enriched: 6/26/2025, 2:15:21 AM

Last updated: 7/30/2025, 2:38:00 PM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats