CVE-2025-6070: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in josxha Restrict File Access

Severity: Medium
Published: Sat Jun 14 2025 (06/14/2025, 08:23:25 UTC)
Source: CVE Database V5
Vendor/Project: josxha
Product: Restrict File Access

Description

The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

AI-Powered Analysis

Last updated: 06/14/2025, 08:49:50 UTC

Technical Analysis

CVE-2025-6070 is a directory traversal vulnerability (CWE-22) found in the Restrict File Access plugin for WordPress, developed by josxha. This vulnerability affects all versions up to and including 1.1.2 of the plugin. The flaw exists in the output() function, which fails to properly limit pathname inputs to a restricted directory. As a result, authenticated attackers with Subscriber-level access or higher can exploit this vulnerability to read arbitrary files on the server hosting the WordPress site. This can lead to exposure of sensitive information such as configuration files, credentials, or other private data stored on the server. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based, allowing remote exploitation. The CVSS 3.1 base score is 6.5 (medium severity), reflecting high confidentiality impact but no impact on integrity or availability. The attack complexity is low, and privileges required are low (authenticated users with minimal roles). No known exploits are currently in the wild, and no patches have been released at the time of this analysis. The vulnerability is significant because WordPress is widely used across Europe, and the Restrict File Access plugin is designed to control file visibility, so its compromise undermines intended access restrictions. Attackers gaining access to arbitrary files can leverage sensitive data for further attacks or data breaches.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality. Many European businesses, government entities, and NGOs rely on WordPress for their web presence, often using plugins like Restrict File Access to protect sensitive documents or data. An attacker exploiting this vulnerability could access private files, including internal documents, credentials, or personal data protected under GDPR. This could lead to data breaches with regulatory and reputational consequences. Since the vulnerability requires only low-level authenticated access, it could be exploited by insiders or through compromised user accounts. The lack of impact on integrity or availability reduces the risk of service disruption but does not diminish the seriousness of unauthorized data disclosure. Organizations handling sensitive or regulated data are particularly at risk. Furthermore, the vulnerability could be chained with other exploits to escalate privileges or move laterally within networks, increasing overall risk.

Mitigation Recommendations

1. Immediately audit WordPress installations for the presence of the josxha Restrict File Access plugin and identify versions up to 1.1.2.
2. Restrict user roles and permissions to minimize the number of users with Subscriber-level or higher access, especially on sites handling sensitive data.
3. Implement strict monitoring and logging of file access attempts, focusing on unusual or unauthorized file reads.
4. Use web application firewalls (WAFs) with custom rules to detect and block directory traversal patterns targeting the output() function or suspicious file path parameters.
5. Employ network segmentation and least privilege principles to limit the impact of compromised accounts.
6. Regularly review and update authentication mechanisms, including enforcing strong password policies and multi-factor authentication to reduce the risk of account compromise.
7. Stay alert for official patches or updates from the plugin vendor and apply them promptly once available.
8. Consider alternative plugins with a stronger security track record if immediate patching is not possible.
9. Conduct penetration testing focusing on file access controls to identify similar vulnerabilities in custom or third-party plugins.
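The defect described in the technical analysis and targeted by mitigations 4 and 9 is a file-output routine that accepts a caller-supplied path without confining it to the intended directory. The following is an added illustration, not code from the Restrict File Access plugin, of how such a routine should canonicalise and check a path before reading it; the names safe_resolve() and serve_file(), the $baseDir parameter and the 403/log handling are assumptions made for this example.

```php
<?php
// Added example (not the plugin's code): confine every requested file to one
// base directory. Written against PHP 7.x/8.x standard functions only.

function safe_resolve(string $baseDir, string $requested): ?string
{
    // Canonicalise the restricted directory once; it must exist on disk.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // Refuse NUL bytes and absolute paths up front: a legitimate caller only
    // ever supplies a relative name inside the protected directory.
    if (strpos($requested, "\0") !== false
        || $requested === ''
        || $requested[0] === '/'
        || $requested[0] === '\\') {
        return null;
    }

    // realpath() resolves "..", "." and symlinks against the real filesystem
    // (the web layer has already percent-decoded the parameter by this point),
    // so the prefix check below is made on the final on-disk location.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }

    // The resolved file must sit strictly beneath $base. Comparing with the
    // trailing separator stops "/var/private-extra" matching "/var/private".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

function serve_file(string $baseDir, string $requested): void
{
    $path = safe_resolve($baseDir, $requested);
    if ($path === null) {
        // Log the rejected name for monitoring (mitigation 3) and stop; never
        // fall through to reading whatever path was supplied.
        error_log('restricted-files: rejected request for ' . $requested);
        http_response_code(403);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
}
```

A WordPress plugin would additionally gate serve_file() behind its own capability check so that a Subscriber-level account cannot reach the routine at all; the containment check above is what prevents an authenticated caller from escaping the directory even when they can.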


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-13T14:24:54.975Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 684d3417a8c9212743818b27

Added to database: 6/14/2025, 8:34:31 AM

Last enriched: 6/14/2025, 8:49:50 AM

Last updated: 6/14/2025, 2:17:51 PM
