Platform: wordpress
Component: tainacan
Fixed in: 0.21.15
CVE-2025-47512 describes an Arbitrary File Access vulnerability discovered in the Tainacan WordPress plugin. This flaw allows attackers to potentially read sensitive files on the server by manipulating file paths. The vulnerability impacts versions from 0.0.0 through 0.21.14, and a fix is available in version 0.21.15.
The Arbitrary File Access vulnerability enables an attacker to read arbitrary files from the web server's file system. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the WordPress instance and potentially the underlying server. While the vulnerability requires path manipulation, the ease of this manipulation could allow for widespread exploitation, particularly on systems with default configurations or insufficient file access controls.
CVE-2025-47512 was publicly disclosed on 2025-05-23. There are currently no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog at the time of writing. The relatively straightforward nature of path traversal vulnerabilities suggests that a public proof-of-concept may emerge.
Exploit Status
EPSS: 0.38% (59th percentile)
The primary mitigation for CVE-2025-47512 is to immediately upgrade the Tainacan plugin to version 0.21.15 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter file access controls on the server to limit the potential impact of the vulnerability. Web Application Firewalls (WAFs) configured with rules to block path traversal attempts can also provide a temporary layer of defense. Review and restrict file permissions to prevent unauthorized access.
Update the Tainacan plugin to the latest available version to mitigate the directory traversal vulnerability. Check the plugin's page on WordPress.org for the latest updates and installation instructions. Be sure to back up your website before updating any plugin.
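To find installs that still need the upgrade, the following shell script (an added example, not code from the advisory or from the Tainacan project) reads the `Version:` header of each Tainacan plugin file below a directory and compares it field by field with the fixed release 0.21.15. The function names are hypothetical, and the main plugin file path `wp-content/plugins/tainacan/tainacan.php` is an assumption.

```shell
#!/bin/sh
# Added example: flag Tainacan installs older than the fixed release.
FIXED="0.21.15"   # "Fixed in" version from the advisory

# version_lt A B: succeed if dotted version A is lower than B. Fields are
# compared numerically, so 0.21.9 < 0.21.15 (a string compare gets this wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-beta"
        x=${x:-0}; y=${y:-0}               # a missing field counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal
}

# plugin_version FILE: print the "Version:" value from a plugin header comment.
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" |
        head -n 1
}

# check_install FILE: print "<status> <version> <file>" for one install.
check_install() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN - $1"
    elif version_lt "$v" "$FIXED"; then
        echo "VULNERABLE $v $1"
    else
        echo "OK $v $1"
    fi
}

# scan ROOT: check every Tainacan main plugin file below ROOT.
# Assumption: the main file is wp-content/plugins/tainacan/tainacan.php.
scan() {
    find "$1" -type f -path '*/wp-content/plugins/tainacan/tainacan.php' |
        while IFS= read -r f; do check_install "$f"; done
}

if [ "$#" -gt 0 ]; then scan "$1"; fi
```

Run it with the directory that holds the WordPress document roots as its only argument; each install is reported as `VULNERABLE`, `OK` or `UNKNOWN`.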
CVE-2025-47512 is a HIGH severity vulnerability affecting the Tainacan WordPress plugin, allowing attackers to read arbitrary files on the server through path manipulation. It impacts versions 0.0.0–0.21.14.
If you are using Tainacan WordPress plugin versions 0.0.0 through 0.21.14, you are potentially affected by this vulnerability. Check your plugin version and upgrade immediately.
Upgrade the Tainacan plugin to version 0.21.15 or later to resolve this Arbitrary File Access vulnerability. If immediate upgrade is not possible, implement stricter file access controls.
As of the current date, there are no confirmed reports of active exploitation of CVE-2025-47512, but the vulnerability's nature suggests potential for future exploitation.
Refer to the official Tainacan plugin website or WordPress plugin repository for the latest advisory and update information regarding CVE-2025-47512.