CVE-2025-8009 in Security Ninja Plugininfo

Summary

by MITRE • 07/24/2025

The Security Ninja – WordPress Security Plugin & Firewall plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.242 via the 'get_file_source' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to extract sensitive data, including the contents of any file on the server.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

07/24/2025

Moderation

accepted

Entry

VDB-317455

CPE

ready

CWE

CWE-22 (confirmed)

CVSS

2.7 (VulDB)

EPSS

0.00493

KEV

Activities

very low

Sector

Hostingprovider

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-8009
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-8009
CVE Details	https://www.cvedetails.com/cve/CVE-2025-8009/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!