
CVE-2025-7518: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in rsjoomla RSFirewall!

Severity: Medium
Tags: Vulnerability, CVE-2025-7518, CWE-22
Published: Sat Jul 12 2025 (07/12/2025, 09:24:28 UTC)
Source: CVE Database V5
Vendor/Project: rsjoomla
Product: RSFirewall!

Description

The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

AI-Powered Analysis

AI analysis last updated: 07/19/2025, 21:00:23 UTC

Technical Analysis

CVE-2025-7518 is a path traversal vulnerability identified in the RSFirewall! plugin for WordPress, developed by rsjoomla. This vulnerability affects all versions up to and including 1.1.42. The flaw resides in the get_local_filename() function, which improperly limits the pathname to a restricted directory, allowing an authenticated attacker with Administrator-level privileges or higher to read arbitrary files on the server. This can lead to exposure of sensitive information such as configuration files, credentials, or other critical data stored on the server. The vulnerability does not require user interaction beyond authentication but does require high privileges, limiting exploitation to users who already have significant access. The CVSS 3.1 base score is 4.9 (medium severity), reflecting the network attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, high confidentiality impact, and no impact on integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability is classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a common issue leading to path traversal attacks.
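As an added illustration of the CWE-22 pattern described above (example code written for this page, not code from the RSFirewall! plugin or from its vendor), the following PHP places an unsafe filename-resolution function beside a hardened one. The unsafe version simply concatenates a caller-supplied name onto a base directory, so "../" segments escape it; the hardened version canonicalises with realpath() and only returns a path that resolves strictly inside the base directory. The function names resolve_local_filename_unsafe() and resolve_local_filename_safe(), the temporary base directory, and the sample inputs are all assumptions constructed for the demonstration.

```php
<?php
// Added example, not from the RSFirewall! plugin. Shows the CWE-22
// pattern (user-controlled name concatenated onto a base directory)
// next to a resolver that confines lookups to that directory.

// Unsafe: plain concatenation; "../" segments walk out of $base.
function resolve_local_filename_unsafe(string $base, string $name): string
{
    return rtrim($base, '/') . '/' . $name;
}

// Safe: canonicalise and require the result to stay below $base.
// Returns null for anything that does not resolve inside $base
// (traversal, symlink escapes, absolute paths, NUL bytes, missing files).
function resolve_local_filename_safe(string $base, string $name): ?string
{
    $realBase = realpath($base);
    if ($realBase === false) {
        return null;
    }
    // Reject empty names, NUL bytes and absolute paths outright.
    if ($name === '' || strpos($name, "\0") !== false || $name[0] === '/') {
        return null;
    }
    $candidate = realpath($realBase . DIRECTORY_SEPARATOR . $name);
    if ($candidate === false) {
        return null;
    }
    $prefix = $realBase . DIRECTORY_SEPARATOR;
    // The resolved file must be strictly below the base directory.
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Constructed demonstration using a throwaway temporary directory.
$base = sys_get_temp_dir() . '/cwe22-demo-' . bin2hex(random_bytes(4));
mkdir($base . '/logs', 0700, true);
file_put_contents($base . '/logs/firewall.log', "sample log line\n");

$inputs = [
    'logs/firewall.log',          // legitimate file under the base
    '../../outside.txt',          // traversal attempt: must be rejected
    'logs/../logs/firewall.log',  // normalises back inside: accepted
];
foreach ($inputs as $name) {
    $safe = resolve_local_filename_safe($base, $name);
    printf("%-28s unsafe=%s safe=%s\n",
        $name,
        resolve_local_filename_unsafe($base, $name),
        $safe === null ? 'REJECTED' : 'OK');
}

// Remove the constructed directory again.
unlink($base . '/logs/firewall.log');
rmdir($base . '/logs');
rmdir($base);
```

Because realpath() returns false for files that do not exist, the safe resolver only ever yields existing files beneath the base; for a function that creates files, canonicalise the parent directory instead and append a validated basename. The prefix comparison uses the base path with a trailing separator so that a sibling directory whose name merely starts with the base name (for example "/var/www/html2" next to "/var/www/html") is also rejected.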

Potential Impact

For European organizations using WordPress with the RSFirewall! plugin, this vulnerability poses a significant risk to confidentiality. An attacker with administrator access could leverage this flaw to access sensitive files on the web server, potentially exposing credentials, private keys, or proprietary data. This could facilitate further attacks such as privilege escalation, lateral movement, or data exfiltration. Given that WordPress is widely used across Europe for various sectors including government, finance, healthcare, and e-commerce, the exposure of sensitive information could lead to regulatory non-compliance (e.g., GDPR violations), reputational damage, and financial losses. However, the requirement for administrator-level access limits the threat to scenarios where an attacker has already compromised or gained elevated access to the system, making it less likely to be exploited by external attackers without prior access. Nonetheless, insider threats or compromised administrator accounts could exploit this vulnerability to significant effect.

Mitigation Recommendations

European organizations should immediately audit their WordPress installations to identify the presence of the RSFirewall! plugin and verify the version in use. Until an official patch is released, organizations should consider the following mitigations:

1) Restrict administrator access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of account compromise.
2) Implement strict file system permissions on the web server to limit the files accessible by the web application user, minimizing the impact of path traversal.
3) Monitor logs for unusual file access patterns that could indicate exploitation attempts.
4) Consider disabling or uninstalling the RSFirewall! plugin if it is not critical to operations or if a patch is not available.
5) Stay updated with vendor advisories and apply patches promptly once released.
6) Employ web application firewalls (WAFs) with custom rules to detect and block path traversal attempts targeting this plugin.


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-07-11T21:09:28.884Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68722b5aa83201eaacb3aa66

Added to database: 7/12/2025, 9:31:06 AM

Last enriched: 7/19/2025, 9:00:23 PM

Last updated: 8/30/2025, 6:10:58 PM
