{"id":67303,"date":"2025-08-02T15:32:42","date_gmt":"2025-08-02T12:02:42","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-6722-bitfire-security-wordpress-firewall-waf-bot-spam-blocker-login-security-sensitive-information-exposure\/"},"modified":"2025-08-02T15:32:42","modified_gmt":"2025-08-02T12:02:42","slug":"cve-2025-6722-bitfire-security-wordpress-firewall-waf-bot-spam-blocker-login-security-sensitive-information-exposure","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-6722-bitfire-security-wordpress-firewall-waf-bot-spam-blocker-login-security-sensitive-information-exposure\/","title":{"rendered":"CVE-2025-6722 &#8211; BitFire Security &#8211; WordPress Firewall, WAF, Bot\/Spam Blocker, Login Security Sensitive Information Exposure"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-6722<br \/>\n<br \/>\n<strong>Published : <\/strong> Aug. 2, 2025, 10:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>The BitFire Security \u2013 Firewall, WAF, Bot\/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially sensitive files without any access restrictions. This makes it possible for unauthenticated attackers to extract sensitive data from various files like config.ini, debug.log, and more.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 5.3 | MEDIUM<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-6722 Published : Aug. 2, 2025, 10:15 a.m. | 1\u00a0hour, 23\u00a0minutes ago Description : The BitFire Security \u2013 Firewall, WAF, Bot\/Spam Blocker, Login Security plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5 via the bitfire_* directory that automatically gets created and stores potentially &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-67303","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/67303","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=67303"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/67303\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=67303"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=67303"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=67303"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}