
CVE-2025-6379: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in beeteam368 BeeTeam368 Extensions Pro

Severity: High
Tags: CVE-2025-6379, CWE-22
Published: Sat Jun 28 2025 (06/28/2025, 03:21:58 UTC)
Source: CVE Database V5
Vendor/Project: beeteam368
Product: BeeTeam368 Extensions Pro

Description

The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/26/2026, 15:32:23 UTC

Technical Analysis

CVE-2025-6379 is a directory traversal vulnerability classified under CWE-22 found in the BeeTeam368 Extensions Pro plugin for WordPress, affecting all versions up to and including 2.3.4. The vulnerability exists in the handle_live_fn() function, which improperly restricts pathname inputs, allowing authenticated users with Subscriber-level privileges or higher to traverse directories beyond the plugin's intended scope. This flaw enables attackers to perform unauthorized file operations, including deletion of sensitive files such as wp-config.php, which contains database credentials and other critical configuration data. Exploiting this vulnerability can lead to complete site compromise, as deleting or modifying wp-config.php can disrupt site functionality and facilitate further malicious actions like privilege escalation or persistent backdoors. The vulnerability is remotely exploitable over the network without user interaction once the attacker has valid credentials, making it particularly dangerous in environments where subscriber accounts are common or easily obtained. The CVSS v3.1 base score of 8.8 reflects the high impact on confidentiality, integrity, and availability, combined with low attack complexity and limited privileges required. Although no known public exploits have been reported yet, the vulnerability's nature and impact suggest it could be weaponized rapidly. The lack of available patches at the time of publication increases the urgency for administrators to apply mitigations or monitor for suspicious activity.

Potential Impact

The impact of CVE-2025-6379 is significant for organizations running WordPress sites with the vulnerable BeeTeam368 Extensions Pro plugin. Attackers with minimal privileges (Subscriber-level) can escalate their capabilities to manipulate critical site files, including wp-config.php, which can lead to complete site takeover. This compromises the confidentiality of sensitive data such as database credentials, undermines site integrity by allowing unauthorized file modifications or deletions, and affects availability by potentially disabling the site. For businesses relying on WordPress for e-commerce, content delivery, or customer engagement, such a compromise can result in data breaches, loss of customer trust, financial damage, and regulatory penalties. Additionally, compromised sites can be used as launchpads for further attacks, including malware distribution or phishing campaigns, amplifying the threat beyond the initial victim. The vulnerability's ease of exploitation and the common use of WordPress globally increase the risk of widespread impact, especially for sites that do not enforce strict user privilege management or timely patching.

Mitigation Recommendations

To mitigate CVE-2025-6379, organizations should immediately upgrade the BeeTeam368 Extensions Pro plugin to a patched version once available. Until a patch is released, administrators should restrict Subscriber-level user capabilities by implementing stricter role-based access controls, limiting the number of users with such privileges, or temporarily disabling the plugin if feasible. Monitoring file integrity, especially for critical files like wp-config.php, using tools such as WordPress security plugins or external file integrity monitoring solutions, can help detect unauthorized changes early. Employing web application firewalls (WAFs) with custom rules to detect and block suspicious path traversal attempts targeting the handle_live_fn() function parameters can provide additional protection. Regular backups of WordPress sites and databases are essential to enable rapid recovery in case of compromise. Finally, organizations should audit user accounts to remove or downgrade unnecessary Subscriber-level accounts and enforce strong authentication mechanisms to reduce the risk of credential abuse.
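The root cause described in the Technical Analysis above is the CWE-22 pattern: a file name taken from the request is joined to a directory and used in a file operation without confining the result to that directory. The following is an added example written for this page, not code from the BeeTeam368 plugin, showing the check a plugin author (or a reviewer auditing a function like handle_live_fn()) would want before any read, write or delete: canonicalize with realpath(), reject NUL bytes and multi-component names, and require the resolved path to stay under the intended base directory. The `$baseDir` argument and the temporary demo directory are assumptions constructed for the example.

```php
<?php
// Added example, not BeeTeam368 code: confine a user-supplied file name to one
// directory before any filesystem operation. $baseDir is a hypothetical
// plugin-owned directory chosen by the caller.

function resolve_confined_path(string $baseDir, string $userPath): ?string
{
    // Canonicalize the base first; realpath() returns false if it does not exist.
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // NUL bytes truncate paths in the underlying C calls, so reject them outright.
    if (strpos($userPath, "\0") !== false) {
        return null;
    }
    // Accept exactly one path component: basename() strips any directory part,
    // so if it changed the input, the input carried separators or traversal.
    $name = basename($userPath);
    if ($name === '' || $name === '.' || $name === '..' || $name !== $userPath) {
        return null;
    }
    // realpath() on the candidate also follows symlinks, so a link inside the
    // base pointing at wp-config.php resolves to its real location and fails below.
    $candidate = $base . DIRECTORY_SEPARATOR . $name;
    $real = realpath($candidate);
    if ($real === false) {
        return null; // target does not exist; for create operations check $base instead
    }
    // Final containment check: the resolved path must begin with "<base>/".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: a throwaway directory standing in for the plugin's data dir.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'confined_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'live.txt', 'ok');

// Inputs of the kind a WAF rule or unit test for this bug class should cover.
$inputs = [
    'live.txt',                        // legitimate single-component name
    '../../wp-config.php',             // classic traversal
    'live.txt/../../wp-config.php',    // traversal hidden behind a valid prefix
    "live.txt\0.php",                  // NUL-byte truncation attempt
    'missing.txt',                     // well-formed but nonexistent
];
foreach ($inputs as $in) {
    $r = resolve_confined_path($dir, $in);
    printf("%-32s => %s\n", addcslashes($in, "\0"), $r === null ? 'REJECTED' : 'allowed: ' . $r);
}

unlink($dir . DIRECTORY_SEPARATOR . 'live.txt');
rmdir($dir);
```

Only `live.txt` resolves; every other input returns null and the caller should respond with an error rather than touching the filesystem. The same containment rule, applied to the decoded value of the request parameter, is what a custom WAF signature for this plugin should approximate: flag any value containing a path separator, `..`, or a NUL byte rather than trying to enumerate target file names.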


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-06-19T18:20:23.278Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 685f63f06f40f0eb726a575f

Added to database: 6/28/2025, 3:39:28 AM

Last enriched: 2/26/2026, 3:32:23 PM

Last updated: 3/22/2026, 7:32:00 PM

