CVE-2025-6379 is a high-severity directory traversal vulnerability affecting the BeeTeam368 Extensions Pro plugin for WordPress, specifically all versions up to and including 2.3.4. The vulnerability exists in the handle_live_fn() function, which improperly limits pathname access, allowing authenticated users with Subscriber-level privileges or higher to manipulate files outside the intended directory scope. This flaw enables attackers to perform unauthorized file operations, including the deletion of critical files such as wp-config.php. The wp-config.php file contains sensitive configuration details, including database credentials and security keys; its deletion can disrupt site functionality and potentially facilitate a full site takeover by enabling attackers to manipulate or reset the WordPress installation. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high severity, with attack vector being network-based, low attack complexity, requiring low privileges (authenticated Subscriber or above), no user interaction, and impacting confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the ease of exploitation combined with the potential impact makes this a significant threat to WordPress sites using this plugin. The vulnerability’s exploitation scope is limited to authenticated users, but since Subscriber-level access is relatively low privilege, many compromised or registered user accounts could be leveraged for attacks. The lack of available patches at the time of publication increases the urgency for mitigation.

For European organizations running WordPress sites with the BeeTeam368 Extensions Pro plugin, this vulnerability poses a substantial risk. The ability for low-privileged authenticated users to delete critical configuration files can lead to site downtime, data breaches, and full site compromise. This can disrupt business operations, damage reputation, and potentially expose sensitive customer or organizational data. Given the widespread use of WordPress in Europe across sectors such as e-commerce, media, education, and government, exploitation could affect a broad range of organizations. Attackers could leverage this vulnerability to deface websites, inject malicious content, or pivot to further internal network compromise. The impact is particularly severe for organizations relying on WordPress for public-facing services or internal portals, where availability and data integrity are critical. Additionally, GDPR compliance implications arise if personal data is exposed or service disruptions affect data processing obligations.

Immediate mitigation steps include restricting plugin usage to trusted users and minimizing the number of accounts with Subscriber-level or higher privileges. Organizations should audit user accounts to remove or limit unnecessary access. Implementing Web Application Firewalls (WAFs) with custom rules to detect and block suspicious path traversal attempts targeting the plugin’s endpoints can provide interim protection. Monitoring logs for unusual file operations or deletion attempts related to wp-config.php is critical. Until an official patch is released, consider disabling or removing the BeeTeam368 Extensions Pro plugin if feasible. If plugin functionality is essential, isolate the WordPress environment using containerization or strict file system permissions to limit the impact of potential exploitation. Regular backups of WordPress files and databases should be maintained to enable rapid recovery. Organizations should subscribe to vendor advisories and update the plugin promptly once a patch is available. Additionally, implementing multi-factor authentication (MFA) for all WordPress accounts can reduce the risk of account compromise that could facilitate exploitation.