
CVE-2025-6379: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in beeteam368 BeeTeam368 Extensions Pro

Severity: High
Tags: Vulnerability, CVE-2025-6379, CWE-22
Published: Sat Jun 28 2025 (06/28/2025, 03:21:58 UTC)
Source: CVE Database V5
Vendor/Project: beeteam368
Product: BeeTeam368 Extensions Pro

Description

The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.

AI-Powered Analysis

AI analysis last updated: 06/28/2025, 03:54:33 UTC

Technical Analysis

CVE-2025-6379 is a high-severity directory traversal vulnerability in the BeeTeam368 Extensions Pro plugin for WordPress, affecting all versions up to and including 2.3.4. The flaw lies in the handle_live_fn() function, which does not adequately restrict the pathname it operates on, so an authenticated user with Subscriber-level privileges or higher can reach files outside the directory the function is meant to manage. This allows unauthorized file operations, including deletion of critical files such as wp-config.php. That file holds the site's database credentials and security keys; deleting it breaks the site and can open the way to a full takeover, because WordPress will offer to re-run its installation routine when wp-config.php is absent.

The vulnerability carries a CVSS 3.1 base score of 8.8 (high): network attack vector, low attack complexity, low privileges required (an authenticated Subscriber or above), no user interaction, and high impact on confidentiality, integrity, and availability. No exploitation in the wild has been reported, but the low skill required and the severity of the outcome make this a significant threat to sites running the plugin. Exploitation is limited to authenticated users; however, Subscriber is the lowest default WordPress role, and any site with open registration or a single compromised low-privilege account exposes the vulnerable code path. No patch was available at the time of publication, which increases the urgency of interim mitigation.
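To make the CWE-22 mechanism concrete, the following is an added illustration and not code from the BeeTeam368 plugin (the plugin's source is not reproduced in this advisory). It contrasts a naive "join and normalise" resolution with a containment check that canonicalises the candidate path and rejects anything that does not remain under the managed directory, including an encoded `..%2F`, an absolute path, and a sibling directory that merely shares a name prefix. The directory name `MANAGED_DIR`, the file names, and the `delete_managed_file` wrapper are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Constructed example directory; the plugin's real managed directory is not
# known from the advisory and is not what matters here.
MANAGED_DIR = "/var/www/html/wp-content/uploads/live"


def naive_resolve(base_dir, user_path):
    """The CWE-22 anti-pattern: concatenate the user-supplied path and
    normalise it without ever checking that the result stays in base_dir.
    Included only to show the failure; never use this shape."""
    return posixpath.normpath(posixpath.join(base_dir, user_path))


def resolve_in_base(base_dir, user_path):
    """Resolve user_path under base_dir and return the canonical path only if
    it stays inside base_dir. Returns None for anything that escapes: parent
    references, absolute paths, URL-encoded traversal, or a sibling directory
    whose name happens to start with base_dir's name."""
    # Web stacks decode the query string once before application code sees it;
    # decoding here as well means an encoded '..%2F' is judged in plain form.
    plain = unquote(user_path).replace("\\", "/")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, plain))
    # commonpath compares whole path components, so '/a/live' and '/a/live-x'
    # correctly do not match (a plain string-prefix test would accept them).
    if posixpath.commonpath([base, candidate]) != base:
        return None
    return candidate


def delete_managed_file(base_dir, user_path, remover):
    """Delete a file only when the containment check accepts it and it is not
    the managed directory itself. `remover` is injected (e.g. os.remove) so the
    decision logic can be exercised without touching a real file system."""
    target = resolve_in_base(base_dir, user_path)
    if target is None or target == posixpath.normpath(base_dir):
        return False
    remover(target)
    return True


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and the traversal string the
    # advisory describes (three parent steps reach the WordPress root here).
    for requested in ("stream1.m3u8", "../../../wp-config.php"):
        print(requested, "->", naive_resolve(MANAGED_DIR, requested),
              "| contained:", resolve_in_base(MANAGED_DIR, requested))
```

The important design choice is that the check runs on the canonical, fully normalised path rather than on the raw string: stripping `../` substrings or looking for a forbidden filename is bypassable, whereas comparing the normalised result component-by-component against the base directory is not. In a real deployment the same check would be applied after `realpath()` so that symbolic links inside the managed directory cannot point back out of it.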

Potential Impact

For European organizations running WordPress sites with the BeeTeam368 Extensions Pro plugin, this vulnerability poses a substantial risk. The ability of low-privileged authenticated users to delete critical configuration files can lead to site downtime, data breaches, and full site compromise, disrupting business operations, damaging reputation, and potentially exposing sensitive customer or organizational data. Given the widespread use of WordPress in Europe across sectors such as e-commerce, media, education, and government, exploitation could affect a broad range of organizations. Attackers could leverage this vulnerability to deface websites, inject malicious content, or pivot to further internal network compromise. The impact is particularly severe for organizations relying on WordPress for public-facing services or internal portals, where availability and data integrity are critical. GDPR obligations are also engaged if personal data is exposed or if service disruption affects data processing commitments.

Mitigation Recommendations

Immediate mitigation steps include restricting plugin usage to trusted users and minimizing the number of accounts with Subscriber-level or higher privileges; organizations should audit user accounts and remove or restrict unnecessary access, and disable open registration where it is not required. A Web Application Firewall (WAF) with custom rules to detect and block path traversal attempts against the plugin's endpoints can provide interim protection. Monitoring web server and application logs for traversal sequences and for unusual file operations or deletion attempts involving wp-config.php is critical, as is file integrity monitoring of wp-config.php itself. Until an official patch is released, consider disabling or removing the BeeTeam368 Extensions Pro plugin if feasible. If plugin functionality is essential, isolate the WordPress environment using containerization or strict file system permissions (the web server process should not have write access to wp-config.php) to limit the impact of exploitation. Maintain regular backups of WordPress files and databases to enable rapid recovery. Subscribe to vendor advisories and update the plugin promptly once a patch is available. Enforcing multi-factor authentication (MFA) for all WordPress accounts also reduces the risk of the account compromise that exploitation depends on.
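The log-monitoring recommendation above is easier to act on with a concrete detector. The following is an added example, not tooling from the advisory's source or from the plugin vendor: it parses web server access-log lines in the common "combined" format, URL-decodes each request target repeatedly so that single- and double-encoded traversal sequences are seen in plain form, and flags requests that contain `../` (or `..\`) sequences or reference wp-config.php. The sample log lines, client addresses, and the `action=` and `file=` parameter names are constructed for the example; the plugin's actual endpoint and parameter names are not stated in the advisory, so a deployment would tune the patterns to them.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format:
#   client ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# After backslashes are normalised to slashes, a parent reference is '../'
# in the middle of a path or a trailing '/..'.
TRAVERSAL_RE = re.compile(r'\.\./|/\.\.$')
SENSITIVE_RE = re.compile(r'wp-config\.php', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """URL-decode until the value stops changing (bounded), so that
    '%252e%252e%252f' (double-encoded) is reduced to '../' like '%2e%2e%2f'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify_request(target):
    """Return the list of indicators found in a request target (empty if clean)."""
    plain = fully_decode(target).replace("\\", "/")
    reasons = []
    if TRAVERSAL_RE.search(plain):
        reasons.append("traversal-sequence")
    if SENSITIVE_RE.search(plain):
        reasons.append("wp-config-reference")
    return reasons


def scan_log(lines):
    """Scan iterable log lines; return one finding dict per suspicious request."""
    findings = []
    for line in lines:
        match = LOG_RE.match(line.rstrip("\n"))
        if not match:
            continue  # not in combined format; a real tool would count these
        reasons = classify_request(match.group("target"))
        if reasons:
            findings.append({
                "ip": match.group("ip"),
                "time": match.group("time"),
                "method": match.group("method"),
                "target": match.group("target"),
                "status": match.group("status"),
                "reasons": reasons,
            })
    return findings


# Constructed sample log lines (addresses from the documentation range; the
# 'action' and 'file' parameter names are placeholders, not the plugin's).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Jun/2025:03:21:58 +0000] "GET /wp-content/plugins/example/assets/app.js HTTP/1.1" 200 4120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [28/Jun/2025:03:22:10 +0000] "GET /?s=ellipsis... HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [28/Jun/2025:03:23:01 +0000] "POST /wp-admin/admin-ajax.php?action=example_live&file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 31 "-" "curl/8.0"',
    '198.51.100.7 - - [28/Jun/2025:03:23:05 +0000] "POST /wp-admin/admin-ajax.php?action=example_live&file=%252e%252e%252f%252e%252e%252fclips%2f.. HTTP/1.1" 200 31 "-" "curl/8.0"',
    '203.0.113.9 - - [28/Jun/2025:03:24:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2200 "-" "Mozilla/5.0"',
]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["time"], finding["ip"], finding["method"],
              finding["target"], ",".join(finding["reasons"]))
```

Two caveats apply when this runs against real traffic. First, parameters sent in a POST body never appear in the access log, so a log-only detector sees only query-string and path abuse; pairing it with application-level logging or a WAF that inspects bodies closes that gap. Second, a deletion of wp-config.php leaves almost no trace in the web log beyond the request itself, which is why the file-integrity monitoring recommended above matters: the presence and hash of wp-config.php should be checked independently of request logs.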


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-19T18:20:23.278Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685f63f06f40f0eb726a575f

Added to database: 6/28/2025, 3:39:28 AM

Last enriched: 6/28/2025, 3:54:33 AM

Last updated: 7/2/2025, 9:33:47 AM
