Platform: wordpress
Component: anona
Fixed in: 8.0.1
CVE-2025-68901 describes an Arbitrary File Access (path traversal) vulnerability in the Anona WordPress plugin by AivahThemes. By manipulating a file path the plugin accepts, an attacker can read files on the server that the plugin was never meant to serve. Affected versions: 0.0.0 up to and including 8.0. The version metadata above records 8.0.1 as the fixed release, while the advisory text was written before a fix had been published; confirm the fixed version against the vendor changelog before relying on it.
The vulnerability lets an attacker bypass the plugin's intended access restrictions and read files outside the web root. On a WordPress host the obvious target is wp-config.php, which holds the database credentials and the authentication keys and salts; other reachable files may include web server configuration, secrets belonging to other applications on the same host, or plugin and theme source code. Reading a file does not by itself give code execution, but database credentials or authentication secrets obtained this way are a common first step toward full site or server compromise, and the impact grows with whatever else the same host stores. Path traversal bugs are trivial to exploit once the vulnerable endpoint and parameter are known, since a single crafted HTTP request suffices.
CVE-2025-68901 was published on 2026-01-22. No public proof-of-concept exploit is known. The severity is rated HIGH (CVSS 8.6). Note that CVSS measures impact and ease of attack, not likelihood of exploitation: the EPSS score of 0.03% (8th percentile) currently predicts a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for reports of active exploitation.
Exploit Status
EPSS: 0.03% (8th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation is to upgrade to a fixed version of the Anona plugin (the version metadata above lists 8.0.1; verify this against the vendor changelog). Until you have confirmed and applied a fix, layer temporary controls. Web Application Firewall: block requests whose path or query string contains a dot-dot segment after URL decoding, including percent-encoded (%2e%2e%2f), double-encoded (%252e%252e%252f) and backslash variants; a rule that matches only the literal string ../ is bypassed with encoding. File permissions: run PHP under an account that cannot read files outside the WordPress tree, so that a successful traversal finds as little as possible; note that wp-config.php must remain readable by the PHP process, so permissions cannot protect that file, only a fix or a WAF rule does. Attack surface: review installed WordPress plugins regularly and remove any that are unused or unmaintained. Logging: review web server access logs for dot-dot segments in request targets; a 2xx response to such a request is the signal that a file may actually have been served.
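The log review above is easy to get wrong if the scan only looks for the literal string `../`. The following is an added example, not code from the Anona plugin or its vendor, that scans access log lines in the common combined format, decodes the request target repeatedly (so double-encoded `%252e%252e%252f` is caught), treats backslashes as separators, and flags only genuine `..` path segments rather than tokens like `a..b` or `...`. The log lines are constructed for the example; the `loader.php?file=` endpoint in them is an assumed placeholder, since this advisory names no parameter, which is why the detector examines the whole request target rather than one query key.

```python
"""Detect path-traversal attempts in web-server access logs.

Added example for this advisory; not code from the Anona plugin or AivahThemes.
"""
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Constructed sample lines in the Apache/Nginx "combined" format. The
# loader.php?file= endpoint is an assumed placeholder: the advisory names no
# parameter, so the whole request target is treated as untrusted.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jan/2026:10:01:02 +0000] "GET /wp-content/plugins/anona/loader.php?file=style.css HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.7 - - [22/Jan/2026:10:01:09 +0000] "GET /wp-content/plugins/anona/loader.php?file=../../../../wp-config.php HTTP/1.1" 200 3112 "-" "curl/8.4.0"
203.0.113.7 - - [22/Jan/2026:10:01:15 +0000] "GET /wp-content/plugins/anona/loader.php?file=..%2F..%2F..%2Fwp-config.php HTTP/1.1" 200 3112 "-" "curl/8.4.0"
203.0.113.7 - - [22/Jan/2026:10:01:21 +0000] "GET /wp-content/plugins/anona/loader.php?file=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1874 "-" "curl/8.4.0"
198.51.100.9 - - [22/Jan/2026:10:02:40 +0000] "GET /index.php?p=123 HTTP/1.1" 200 8890 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Jan/2026:10:02:45 +0000] "GET /wp-content/plugins/anona/loader.php?file=..\\..\\wp-config.php HTTP/1.1" 404 212 "-" "Mozilla/5.0"
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." segment that is not part of a longer token such as "a..b" or "...":
# preceded by a separator (start, "/", "=", "&", "?") and followed by "/" or
# the end of the string.
DOT_DOT_SEGMENT = re.compile(r'(?<![\w.])\.\.(?:/|$)')


def fully_decode(value: str, max_rounds: int = 3) -> Tuple[str, int]:
    """Percent-decode until the string stops changing; return (decoded, rounds)
    so the caller can tell single encoding from double encoding."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
        rounds += 1
    return value, rounds


def classify_target(target: str) -> Optional[str]:
    """Return a short reason if the request target looks like path traversal,
    otherwise None."""
    decoded, rounds = fully_decode(target)
    # Backslashes act as separators on Windows hosts; normalize them first.
    normalized = decoded.replace("\\", "/")
    if "\x00" in normalized:
        return "null byte in path"
    if DOT_DOT_SEGMENT.search(normalized):
        if rounds >= 2:
            return "dot-dot segment (double-encoded)"
        if rounds == 1:
            return "dot-dot segment (url-encoded)"
        return "dot-dot segment"
    return None


def scan_log(text: str) -> List[dict]:
    """Return one record per suspicious request, in log order."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        reason = classify_target(m["target"])
        if reason is None:
            continue
        hits.append({
            "ip": m["ip"],
            "status": int(m["status"]),
            "target": m["target"],
            "reason": reason,
            # A 2xx answer to a traversal request is the one to triage first:
            # the server may actually have served the file.
            "served": m["status"].startswith("2"),
        })
    return hits


def hits_by_ip(hits: List[dict]) -> Dict[str, int]:
    """Count suspicious requests per source address."""
    counts: Dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        flag = "SERVED" if h["served"] else "not served"
        print(f'{h["ip"]:<14} {h["status"]} {flag:<10} {h["reason"]:<34} {h["target"]}')
```

Run it against a real log with `scan_log(open("access.log").read())`. The decode-until-stable loop is the same normalization a WAF has to perform before its traversal rule can be trusted; if your WAF only inspects the raw request line, the third and fourth sample lines are exactly the requests it will miss.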
The advisory text was written when no patch was listed, while the version metadata above records 8.0.1 as fixed. If you cannot confirm a fixed release from the vendor, review the vulnerability details above and apply the mitigations according to your organization's risk tolerance; uninstalling the plugin and replacing it is the most reliable interim option.
CVE-2025-68901 is a HIGH severity vulnerability in the Anona WordPress plugin allowing attackers to read files outside the intended web root through path traversal.
If you run the Anona WordPress plugin at any version up to and including 8.0, you are affected by this vulnerability.
Upgrade to a fixed version of the Anona plugin (8.0.1 according to the version metadata above, once confirmed with the vendor). Until then, apply WAF rules that match encoded as well as literal traversal sequences, restrict file permissions, and review access logs.
Currently, there are no known public exploits or confirmed active exploitation campaigns for CVE-2025-68901.
Refer to the AivahThemes website and WordPress plugin repository for official advisories and updates regarding CVE-2025-68901.