Description
The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.
Published: 2025-06-28
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file deletion
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a directory traversal flaw in the handle_remove_temp_file() function of the BeeTeam368 Extensions plugin for WordPress. It allows authenticated users with Subscriber-level access or higher to act on file paths outside the intended upload directory. By exploiting this flaw, an attacker can delete critical files such as wp-config.php, which can lead to a site takeover. The weakness is classified as CWE-36 (Absolute Path Traversal), a failure to validate file paths properly.

Affected Systems

Systems running the BeeTeam368 Extensions plugin on WordPress with versions up to and including 2.3.4 are impacted. This includes any websites that have installed this plugin in those revisions and maintain WordPress environments where subscriber accounts exist.

Risk and Exploitability

The CVSS base score of 8.8 indicates high severity. EPSS indicates a very low probability of exploitation (<1%), but that does not reduce the potential impact on sites where subscriber accounts exist. The vulnerability is not listed in CISA KEV. Exploitation requires the attacker to be logged in with at least Subscriber privileges, after which a crafted request invoking handle_remove_temp_file() can traverse directories and delete arbitrary files. Once wp-config.php is removed, the attacker can leverage its absence to take full control of the site.

Generated by OpenCVE AI on April 20, 2026 at 20:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade BeeTeam368 Extensions to a version newer than 2.3.4.
  • Reduce the number of active Subscriber accounts or limit their file‑system access.
  • Configure file permissions to prevent deletion of wp-config.php and harden the WordPress filesystem.
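
A containment check of the kind that prevents this class of bug, shown as an added example (it is not the plugin's code, which this page does not include). The function name, the temp-directory layout and the sample file names are assumptions constructed for illustration.

```php
<?php
// Added example, not the plugin's code. Function name and paths are hypothetical.
declare(strict_types=1);

function remove_temp_file_contained(string $tempDir, string $requested): bool
{
    // Resolve the allowed base directory; fail closed if it does not exist.
    $base = realpath($tempDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // Accept a bare file name only. Anything with a directory part, relative
    // ("../x") or absolute ("/var/www/x"), differs from its basename().
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested !== basename($requested)) {
        return false;
    }
    // realpath() resolves symlinks and "." / ".." and is false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Containment: the resolved path must sit under the base directory. The
    // trailing separator stops "/x/temp" from matching "/x/temp-other/...".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo tree: a temp directory plus a decoy config file above it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'contain_demo_' . bin2hex(random_bytes(4));
$temp = "$root/uploads/temp";
mkdir($temp, 0700, true);
file_put_contents("$root/wp-config.php", 'decoy');
file_put_contents("$temp/chunk.part", 'x');

foreach (['chunk.part', '../../wp-config.php', "$root/wp-config.php", '..'] as $name) {
    $ok = remove_temp_file_contained($temp, $name);
    printf("%-60s %s\n", $name, $ok ? 'deleted' : 'rejected');
}
if (!file_exists("$root/wp-config.php")) {
    throw new RuntimeException('containment check failed: decoy was deleted');
}
// Clean up the demo tree.
unlink("$root/wp-config.php");
rmdir($temp); rmdir("$root/uploads"); rmdir($root);
```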


Advisories
Source: EUVD
ID: EUVD-2025-28733
Title: The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.

History

Mon, 07 Jul 2025 15:45:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Beeteam368; Beeteam368 vidmov |
| CPEs | | `cpe:2.3:a:beeteam368:vidmov:*:*:*:*:*:wordpress:*:*` |
| Vendors & Products | | Beeteam368; Beeteam368 vidmov |

Mon, 30 Jun 2025 17:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc: `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Sat, 28 Jun 2025 03:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover. |
| Title | | BeeTeam368 Extensions <= 2.3.4 - Authenticated (Subscriber+) Directory Traversal to Arbitrary File Deletion |
| Weaknesses | | CWE-36 |
| References | | |
| Metrics | | cvssV3_1: `{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:15:26.691Z

Reserved: 2025-06-19T18:45:51.733Z

Link: CVE-2025-6381

Vulnrichment

Updated: 2025-06-30T16:19:13.494Z

NVD

Status: Analyzed

Published: 2025-06-28T04:15:46.110

Modified: 2025-07-07T15:24:28.070

Link: CVE-2025-6381

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T20:30:16Z

Weaknesses