CVE-2025-6722 is a vulnerability classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) affecting the BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security WordPress plugin developed by bitslip6. The issue arises because the plugin automatically creates a directory named bitfire_* that stores potentially sensitive files such as config.ini and debug.log. These files lack proper access restrictions, making them accessible to unauthenticated attackers if the web server has directory listing enabled and the ~/wp-content/plugins/index.php file is missing or ignored. Directory listing allows attackers to enumerate files within the directory, facilitating the extraction of sensitive information that could include configuration details or debugging data. The vulnerability affects all versions up to and including 4.5 of the plugin. The CVSS v3.1 base score is 5.3, reflecting medium severity, with an attack vector of network (remote), low attack complexity, no privileges required, no user interaction, and impact limited to confidentiality loss without affecting integrity or availability. No patches or exploits are currently reported, but the exposure of sensitive data could aid attackers in further compromising the affected WordPress site or its environment.

The primary impact of this vulnerability is the unauthorized disclosure of sensitive information stored within the bitfire_* directory. Exposure of configuration files like config.ini and debug.log can reveal critical details such as database credentials, API keys, or internal debugging information. This information leakage can facilitate subsequent attacks, including privilege escalation, data theft, or site compromise. Since the vulnerability does not affect integrity or availability directly, the immediate damage is limited to confidentiality breaches. However, the ease of exploitation (no authentication or user interaction required) and the potential sensitivity of exposed data make this a significant risk for organizations relying on this plugin. Organizations with publicly accessible WordPress sites using the affected plugin versions and misconfigured servers allowing directory listing are particularly vulnerable. The absence of known exploits in the wild reduces immediate threat but does not eliminate the risk of future exploitation.

To mitigate this vulnerability, organizations should first verify and disable directory listing on their web servers to prevent attackers from enumerating files in the bitfire_* directory. This can be done by adjusting server configurations such as disabling Options Indexes in Apache or the equivalent in NGINX. Additionally, ensure that the ~/wp-content/plugins/index.php file exists and is properly configured to prevent directory browsing. Restrict access permissions on the bitfire_* directory and its files to authorized users only, ideally limiting web server access to necessary files. Review and remove any sensitive files that do not need to be publicly accessible. If possible, update the plugin to a patched version once available or contact the vendor for remediation guidance. Implementing web application firewalls (WAFs) with rules to block access to sensitive plugin directories can provide an additional layer of defense. Regularly audit WordPress plugins and server configurations to detect and remediate similar issues proactively.