Platform
wordpress
Component
anona
Fixed in
8.0.1
CVE-2025-68901 describes an Arbitrary File Access (path traversal) vulnerability in the Anona WordPress plugin. By manipulating a file path accepted by the plugin, an attacker can read files the application was never meant to serve, bypassing the intended access controls. Affected versions are Anona 0.0.0 up to and including 8.0. This page's metadata lists 8.0.1 as the fixed version; confirm that against the vendor's changelog before relying on it.
The flaw lets an attacker read arbitrary files readable by the web server process, which on a typical WordPress host includes wp-config.php (database credentials and salts), plugin and theme source code, and any uploaded user data. Exploitation only requires a crafted request containing the traversal sequence; no authentication is described. The blast radius depends on what the PHP process user can read: on hosts where that user can reach files outside the site's document root, the exposure extends well beyond WordPress itself. Path traversal bugs of this kind have historically been the first step toward full server compromise, because leaked database credentials and secrets are reused to reach other systems.
CVE-2025-68901 was published on 2026-01-22. The EPSS score shown on this page is 0.03% (8th percentile). No public proof-of-concept exploits are currently known, and the CVE is not listed in the CISA KEV catalog at the time of writing.
Websites running the Anona WordPress plugin at version 8.0 or earlier (0.0.0 through 8.0) are at risk. Shared hosting environments deserve particular attention, because plugin updates and file permissions are often outside the site owner's control and a readable file outside the document root may belong to another tenant. Administrators who do not monitor their WordPress installations or apply updates promptly are also at increased risk.
• wordpress / composer / npm:
grep -rnF '../' /var/www/html/wp-content/plugins/anona/   # -F: match the literal sequence; without it '.' matches any character. Lists traversal strings in the installed plugin source, a starting point for review rather than a proof of the bug
• generic web:
curl -sI --path-as-is 'http://your-wordpress-site.com/wp-content/plugins/anona/../../../../etc/passwd'   # check for file disclosure; --path-as-is stops curl from normalizing the dot-dot segments away before sending. This is a generic probe: the advisory does not name the vulnerable endpoint or parameter, so a 403/404 here does not rule out the bug
Exploit status
EPSS
0.03% (8th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-68901 is to upgrade the Anona plugin to a patched release (this page lists 8.0.1 as the fixed version). Until the update is applied, use temporary workarounds. Tighten file permissions so the PHP process user can read as little as possible outside the site; note that this cannot protect files the application itself must read, such as wp-config.php, which remain exposed to the traversal. A Web Application Firewall can block requests containing traversal patterns, but the rule must match the decoded request, not just the literal string ../: URL-encoded (..%2f), double-encoded (%252e%252e%252f), and backslash (..\) forms are routine bypasses of naive filters. Review the plugin's code for other file-handling issues. After upgrading, verify the fix by requesting a known sensitive file through the crafted URL; the request should be denied.
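The following is an added example, not code from the Anona plugin or from this advisory, showing the two pieces of the mitigation above: a traversal detector that decodes the request the way the application would (handling URL-encoded, double-encoded and backslash variants) for WAF rules or log triage, and a confined path resolver of the kind a fixed file-serving handler should use. The access-log lines are constructed samples, and the endpoint name and parameter in them are placeholders, because the advisory does not publish the vulnerable one.

```python
import os
import re
from urllib.parse import unquote

# A ".." segment followed by a separator, the end of the target, or the
# start of a query/parameter, after decoding and backslash folding.
_DOTDOT = re.compile(r"\.\.(?=/|$|[?&])")

# Request target in a combined-log-format line.
_REQUEST_TARGET = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Constructed sample access-log lines. "HYPOTHETICAL.php?file=" is a
# placeholder, not the real vulnerable endpoint or parameter.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [22/Jan/2026:10:00:01 +0000] "GET /wp-content/plugins/anona/HYPOTHETICAL.php?file=../../../../wp-config.php HTTP/1.1" 200 3102',
    '203.0.113.5 - - [22/Jan/2026:10:00:02 +0000] "GET /wp-content/plugins/anona/HYPOTHETICAL.php?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 2011',
    '203.0.113.5 - - [22/Jan/2026:10:00:03 +0000] "GET /wp-content/plugins/anona/HYPOTHETICAL.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 3102',
    '198.51.100.7 - - [22/Jan/2026:10:00:04 +0000] "GET /wp-content/plugins/anona/assets/style.css HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/Jan/2026:10:00:05 +0000] "GET /blog/2025/..and-more/ HTTP/1.1" 200 8800',
]


def normalize_target(raw):
    """Decode a request target until decoding changes nothing (bounded, so
    double encoding such as %252e%252e%252f is unwrapped) and fold
    backslashes to slashes, so the check sees what the application sees."""
    decoded = raw
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return decoded.replace("\\", "/")


def is_traversal_attempt(request_target):
    """True if the decoded path or query contains a dot-dot segment."""
    return _DOTDOT.search(normalize_target(request_target)) is not None


def flag_traversal_requests(log_lines):
    """Return the request targets in the given access-log lines that carry a
    traversal sequence; the input for a WAF rule test or an IR triage pass."""
    flagged = []
    for line in log_lines:
        match = _REQUEST_TARGET.search(line)
        if match and is_traversal_attempt(match.group(1)):
            flagged.append(match.group(1))
    return flagged


def resolve_within(base_dir, user_path):
    """Resolve a user-supplied path inside base_dir. Returns the absolute
    path, or None if it escapes base_dir. realpath follows symlinks and
    collapses '..', so the check is done on what the filesystem would open,
    not on the string the client sent. An absolute user_path replaces
    base_dir in os.path.join and is therefore rejected too."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    for target in flag_traversal_requests(SAMPLE_LOG_LINES):
        print("traversal attempt:", target)
    uploads = "/srv/example-site/wp-content/uploads"  # assumed base directory
    print(resolve_within(uploads, "2025/report.pdf"))
    print(resolve_within(uploads, "../../wp-config.php"))
```

The detector runs on the decoded request, which is what a WAF rule keyed on the literal string ../ misses; the resolver is the shape of the server-side fix, and rejecting on the realpath comparison rather than on string matching is what makes it hold against encoded and symlinked inputs.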
If the fixed release (8.0.1 according to this page's metadata) is not yet available to you, review the vulnerability's details in depth and apply mitigations according to your organization's risk tolerance. Uninstalling the affected plugin and replacing it is a valid option where the update cannot be applied.
CVE-2025-68901 is a HIGH severity vulnerability in the Anona WordPress plugin allowing attackers to read files outside the intended web root through path traversal.
If you are using Anona WordPress plugin versions 0.0.0 through 8.0, you are potentially affected by this vulnerability.
Upgrade the Anona plugin to a patched release (this page lists 8.0.1). Until then, apply WAF rules that match decoded traversal sequences and restrict file permissions for the PHP process user.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2025-68901.
Refer to the AivahThemes website and WordPress plugin repository for official advisories and updates regarding CVE-2025-68901.