Medium severity4.9NVD Advisory· Published Jul 24, 2025· Updated Apr 15, 2026
CVE-2025-8009
CVE-2025-8009
Description
The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<=5.242+ 1 more
- (no CPE)range: <=5.242
- (no CPE)range: <=5.242
Patches
Vulnerability mechanics
References
4- plugins.trac.wordpress.org/browser/security-ninja/trunk/modules/core-scanner/core-scanner.phpnvd
- plugins.trac.wordpress.org/browser/security-ninja/trunk/modules/core-scanner/core-scanner.phpnvd
- plugins.trac.wordpress.org/changeset/3333048/nvd
- www.wordfence.com/threat-intel/vulnerabilities/id/51ee45f8-9978-48ec-8f87-229dc82938a8nvd
News mentions
0No linked articles in our index yet.