CVE-2025-6082: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in mia4 Birth Chart Compatibility
The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
AI Analysis
Technical Summary
CVE-2025-6082 describes a Full Path Disclosure vulnerability in the Birth Chart Compatibility WordPress plugin (mia4) versions up to 2.0. The flaw arises from the plugin's index.php file lacking proper access controls, causing an error that exposes the full server path when accessed directly. This exposure can aid attackers in reconnaissance and facilitate further attacks if other vulnerabilities exist. The vulnerability does not allow direct compromise or data modification but leaks sensitive server path information.
Potential Impact
The vulnerability allows unauthenticated attackers to obtain the full file system path of the web application hosting the plugin. This information disclosure is limited in impact by itself but can be leveraged to support other attacks that require knowledge of the server environment. There is no direct confidentiality, integrity, or availability impact from this vulnerability alone.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting direct access to the plugin's index.php file via web server configuration or security plugins to prevent error message exposure.
CVE-2025-6082: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in mia4 Birth Chart Compatibility
Description
The Birth Chart Compatibility plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0. This is due to insufficient protection against directly accessing the plugin's index.php file, which causes an error exposing the full path. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-6082 describes a Full Path Disclosure vulnerability in the Birth Chart Compatibility WordPress plugin (mia4) versions up to 2.0. The flaw arises from the plugin's index.php file lacking proper access controls, causing an error that exposes the full server path when accessed directly. This exposure can aid attackers in reconnaissance and facilitate further attacks if other vulnerabilities exist. The vulnerability does not allow direct compromise or data modification but leaks sensitive server path information.
Potential Impact
The vulnerability allows unauthenticated attackers to obtain the full file system path of the web application hosting the plugin. This information disclosure is limited in impact by itself but can be leveraged to support other attacks that require knowledge of the server environment. There is no direct confidentiality, integrity, or availability impact from this vulnerability alone.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider restricting direct access to the plugin's index.php file via web server configuration or security plugins to prevent error message exposure.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-06-13T18:48:39.523Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 687f5a59a83201eaac1a3a6f
Added to database: 7/22/2025, 9:31:05 AM
Last enriched: 4/9/2026, 5:41:47 PM
Last updated: 5/9/2026, 6:22:04 PM
Views: 115
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.