Description
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Published: 2025-06-14
Score: 6.5 Medium
EPSS: 1.4% Low
KEV: No
Impact: Arbitrary File Read (Authenticated)
Action: Apply Patch
AI Analysis

Impact

The Restrict File Access WordPress plugin is vulnerable to directory traversal through its output() function, allowing an attacker who is authenticated with a Subscriber account or higher to read any file on the server. This flaw can expose sensitive data such as configuration files or private user information, potentially compromising the confidentiality of site content and backend data. The weakness is formally classified as CWE-22.

Affected Systems

All installations of the Restrict File Access plugin distributed by josxha, for WordPress sites, are affected when the plugin version is 1.1.2 or older. Users who have installed the 1.1.2 release or any earlier version of the plugin are susceptible regardless of other security hardening measures.

Risk and Exploitability

The CVSS score of 6.5 places this flaw in the medium severity range, and the EPSS score of 1% indicates a low but non-zero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, suggesting no widespread active exploitation is publicly documented. The likely attack vector requires an attacker to first authenticate to the WordPress site with at least Subscriber-level privileges and then exploit the traversal flaw to read arbitrary files. The impact is limited to information disclosure rather than full compromise, but the ability to obtain confidential files can still lead to significant damage.

Generated by OpenCVE AI on April 21, 2026 at 20:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Restrict File Access plugin to version 1.1.3 or later, which removes the output() directory traversal pathway.
  • If an upgrade is not immediately possible, uninstall or disable the plugin to eliminate the vector.
  • Restrict Subscriber and higher roles to only those users who genuinely need access, and audit role assignments to minimize the number of accounts capable of triggering the flaw.
  • Apply general input validation best practices to any custom code that might manipulate file paths, ensuring paths are canonicalized and confined within allowed directories.

Advisories

Source: EUVD
ID: EUVD-2025-18328
Title: The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

History

Wed, 16 Jul 2025 13:45:00 +0000
  Metrics: epss changed from {'score': 0.00408} to {'score': 0.0047}

Tue, 17 Jun 2025 19:15:00 +0000
  Metrics: ssvc added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sat, 14 Jun 2025 08:45:00 +0000
  Description added: The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
  Title added: Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read
  Weaknesses added: CWE-22
  References
  Metrics: cvssV3_1 added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:59:43.772Z

Reserved: 2025-06-13T14:24:54.975Z

Link: CVE-2025-6070

Vulnrichment

Updated: 2025-06-16T16:47:12.450Z

NVD

Status: Deferred

Published: 2025-06-14T09:15:25.180

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-6070

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T20:15:44Z

Weaknesses