Platform: wordpress
Component: filr-protection
Fixed in: 1.2.11
CVE-2025-64230 describes an Arbitrary File Access vulnerability in WP Chill Filr, a WordPress plugin. The flaw, caused by improper limitation of file paths (path traversal), allows attackers to read arbitrary files on the server. It affects versions 0.0.0 through 1.2.10 of the plugin; a fix is available in version 1.2.11.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access restrictions and retrieve files that they should not be able to access. In the context of WP Chill Filr, this could expose sensitive configuration files, database credentials, or even source code. Successful exploitation could lead to data breaches, privilege escalation, and potentially complete compromise of the WordPress installation. The impact is amplified if the server hosts other sensitive applications or data, as the attacker could use this vulnerability as a stepping stone for lateral movement.
CVE-2025-64230 was publicly disclosed on December 18, 2025. The vulnerability is a classic path traversal issue, and public proof-of-concept exploits are likely to emerge quickly. While no active exploitation campaigns have been confirmed as of this writing, the ease of exploitation suggests a high probability of exploitation if left unpatched. It is not currently listed on the CISA KEV catalog.
WordPress websites utilizing the WP Chill Filr plugin, particularly those running older versions (0.0.0 through 1.2.10), are at significant risk. Shared hosting environments where multiple websites share the same server resources are especially vulnerable, as a compromise of one site could potentially expose data from others.
• wordpress / composer / npm:
grep -r "../" /var/www/html/wp-content/plugins/filr-protection/   # search the installed plugin source for literal "../" sequences (this is not a version check; compare the installed version against 1.2.11)
• generic web:
curl -I 'http://your-wordpress-site.com/wp-content/plugins/filr-protection/../../../../etc/passwd'   # attempt to access a sensitive file via path traversal; a patched install should deny this request
Exploit status
EPSS: 0.07% (20th percentile)
The primary mitigation for CVE-2025-64230 is to immediately upgrade WP Chill Filr to version 1.2.11 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include restricting file permissions on the server to limit the attacker's ability to read files, or implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Monitor WordPress access logs for suspicious file access attempts. After upgrading, verify the fix by attempting to access a sensitive file via a path traversal request; the request should be denied.
Update to version 1.2.11, or a newer patched version
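The mitigation section recommends monitoring access logs for traversal attempts. The following detector, added here as an example and not taken from the advisory or the plugin, scans combined-format web server log lines for requests into the filr-protection plugin path that carry a ".." segment, including percent-encoded and double-encoded variants, and reports whether the server actually served the request. The log lines, IP addresses and timestamps are constructed sample data.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache/nginx combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Dec/2025:10:01:02 +0000] "GET /wp-content/plugins/filr-protection/../../../../etc/passwd HTTP/1.1" 200 1342 "-" "curl/8.4.0"
203.0.113.5 - - [18/Dec/2025:10:01:03 +0000] "GET /wp-content/plugins/filr-protection/%2e%2e/%2e%2e/wp-config.php HTTP/1.1" 200 3100 "-" "curl/8.4.0"
203.0.113.5 - - [18/Dec/2025:10:01:04 +0000] "GET /wp-content/plugins/filr-protection/%252e%252e/%252e%252e/wp-config.php HTTP/1.1" 404 210 "-" "curl/8.4.0"
198.51.100.7 - - [18/Dec/2025:10:02:00 +0000] "GET /wp-content/plugins/filr-protection/assets/js/filr.js HTTP/1.1" 200 8821 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Dec/2025:10:02:01 +0000] "GET /wp-content/uploads/2025/12/report.pdf HTTP/1.1" 200 51230 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
PLUGIN_PREFIX = "/wp-content/plugins/filr-protection/"

def normalize_path(target: str) -> str:
    """Drop the query string, percent-decode up to twice (catches double encoding),
    and treat backslashes as separators so '..\\' variants are not missed."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_traversal(target: str) -> bool:
    """True when the request targets the plugin directory and contains a '..' path segment."""
    path = normalize_path(target)
    return path.startswith(PLUGIN_PREFIX) and ".." in path.split("/")

def scan_log(text: str) -> list[dict]:
    """Return one record per suspicious request; 'served' is True when the response was 2xx,
    which is the case that needs incident follow-up rather than just blocking."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        hits.append({"ip": m["ip"], "ts": m["ts"], "target": m["target"],
                     "status": int(m["status"]), "served": m["status"].startswith("2")})
    return hits

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A request that was flagged and served with a 2xx status on an unpatched install should be treated as a likely successful file read, not only as a blocked probe.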
CVE-2025-64230 is a path traversal vulnerability in WP Chill Filr allowing attackers to read arbitrary files. It has a CVSS score of 7.7 (HIGH) and affects versions 0.0.0 through 1.2.10.
You are affected if you are using WP Chill Filr versions 0.0.0 to 1.2.10. Check your plugin version and upgrade immediately if vulnerable.
Upgrade WP Chill Filr to version 1.2.11 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file permissions or using a WAF.
While no active exploitation campaigns have been confirmed, the ease of exploitation suggests a high probability of exploitation if left unpatched.
Refer to the WP Chill Filr website or WordPress plugin repository for the official advisory and release notes related to this vulnerability.