CVE-2025-8562 is a path traversal vulnerability classified under CWE-22 found in the Custom Query Shortcode plugin for WordPress, developed by peterhebert. The vulnerability exists in all versions up to and including 0.4.0 and is exploitable via the 'lens' parameter. An attacker with authenticated access at the Contributor level or higher can manipulate this parameter to traverse directories and read arbitrary files on the server. This can lead to unauthorized disclosure of sensitive information such as configuration files, credentials, or other data stored on the web server. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based. The CVSS v3.1 base score is 6.5, reflecting a medium severity due to the ease of exploitation (low attack complexity), the requirement for authenticated access, and the high impact on confidentiality. There is no impact on integrity or availability. No patches or fixes are currently linked, and no known exploits are reported in the wild. The vulnerability highlights the risk of insufficient input validation and improper restriction of file path parameters in WordPress plugins, which can expose sensitive server files to authorized but potentially malicious users.

The primary impact of CVE-2025-8562 is unauthorized disclosure of sensitive information stored on the web server hosting the vulnerable WordPress plugin. Attackers with Contributor-level access can read arbitrary files, potentially exposing database credentials, configuration files, or other critical data. This can lead to further compromise if attackers leverage the disclosed information for privilege escalation or lateral movement. Although the vulnerability does not directly affect system integrity or availability, the confidentiality breach can have severe consequences, including data leaks, compliance violations, and reputational damage. Organizations relying on the Custom Query Shortcode plugin are at risk, especially if they grant Contributor or higher privileges to untrusted users. The vulnerability could be exploited in targeted attacks against websites with sensitive data or in multi-tenant hosting environments where file disclosure could affect multiple clients.

1. Immediately restrict Contributor-level and higher privileges to trusted users only to reduce the risk of exploitation. 2. Monitor and audit user activities related to the Custom Query Shortcode plugin, focusing on unusual usage of the 'lens' parameter. 3. Disable or remove the Custom Query Shortcode plugin until a security patch or update is released by the vendor. 4. Implement web application firewall (WAF) rules to detect and block path traversal attempts targeting the 'lens' parameter. 5. Harden server file permissions to limit access to sensitive files, minimizing the impact if traversal occurs. 6. Regularly scan WordPress installations for vulnerable plugin versions and apply updates promptly once available. 7. Educate site administrators about the risks of granting elevated privileges unnecessarily and enforce the principle of least privilege. 8. Consider isolating WordPress instances or using containerization to limit the scope of potential breaches.