Medium severity5.3NVD Advisory· Published Apr 12, 2025· Updated Apr 15, 2026
CVE-2025-2841
CVE-2025-2841
Description
The Cart66 Cloud plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.7 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.phpnvd
- plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.phpnvd
- plugins.trac.wordpress.org/browser/cart66-cloud/tags/2.3.7/views/admin/html-system-info.phpnvd
- wordpress.org/plugins/cart66-cloud/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/5be01bba-e4f4-4818-9612-fc37b648a349nvd
News mentions
0No linked articles in our index yet.