CVE-2025-2882 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the GreenPay(tm) by Green.Money plugin for WordPress, specifically versions 3.0.0 through 3.0.9. The issue arises from the inclusion of a publicly accessible phpinfo.php script within the plugin, which exposes detailed PHP environment information such as configuration settings, loaded modules, environment variables, and potentially sensitive server data. Because this script is accessible without authentication or user interaction, any unauthenticated attacker can retrieve this information simply by accessing the phpinfo.php URL on a vulnerable site. The exposure of such data can facilitate further attacks by revealing server configurations, software versions, and environment variables that may contain credentials or other sensitive details. The CVSS v3.1 base score is 5.3, reflecting a medium severity due to the ease of access (network vector, no privileges required) but limited impact (confidentiality loss only, no integrity or availability impact). No patches or exploit code are currently publicly available, and no active exploitation has been reported. However, the presence of this information disclosure vulnerability in a payment-related plugin raises concerns about potential reconnaissance leading to more severe attacks. The vulnerability was publicly disclosed on April 8, 2025, and assigned by Wordfence. Organizations using the affected GreenPay plugin versions should consider this a priority for remediation to prevent leakage of sensitive environment details.

The primary impact of CVE-2025-2882 is the unauthorized disclosure of sensitive server and environment information. This can aid attackers in crafting targeted attacks by revealing software versions, server configurations, and environment variables that may contain credentials or other sensitive data. While the vulnerability itself does not allow direct code execution or data modification, the information gained can facilitate privilege escalation, remote code execution, or other attacks against the affected system or network. For organizations handling financial transactions through the GreenPay plugin, this exposure increases the risk of subsequent attacks that could compromise payment data or disrupt services. The impact is particularly significant for organizations that have not segmented or hardened their web server environments, as attackers can leverage the disclosed information to identify additional vulnerabilities or misconfigurations. Although no active exploitation is reported, the risk of reconnaissance-based attacks is elevated, potentially leading to financial loss, reputational damage, and regulatory compliance issues related to data protection.

1. Immediately restrict access to the phpinfo.php script by removing it from the web root or configuring web server access controls (e.g., .htaccess rules, IP whitelisting) to prevent public access. 2. Monitor web server logs for any access attempts to phpinfo.php or other unusual requests that may indicate reconnaissance activity. 3. Update the GreenPay plugin to a patched version once the vendor releases a fix addressing this vulnerability. 4. If patching is not immediately possible, consider disabling or uninstalling the GreenPay plugin temporarily to eliminate exposure. 5. Conduct a thorough review of server environment variables and configurations to ensure no sensitive information is unnecessarily exposed elsewhere. 6. Implement web application firewalls (WAF) with rules to block access to sensitive files and scripts. 7. Educate development and operations teams about the risks of exposing diagnostic scripts in production environments. 8. Regularly audit all third-party plugins and components for similar information disclosure risks.