Latest

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security 4.5

CVE-2025-6722

Severity: medium-risk
Status: Fixed
Publication: August 1, 2025

The BitFire Security plugin for WordPress, which includes features such as Firewall, WAF, Bot/Spam Blocker, and Login Security, has a vulnerability that could expose sensitive information. This vulnerability affects all versions up to 4.5 and is caused by the bitfire_* directory automatically creating and storing potentially sensitive files without any access restrictions. This means that attackers who are not logged in could potentially access and extract sensitive data from files like config.ini and debug.log.

Detected in:

BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security fixed vulnerable versions: >= * <= 4.5

Open source

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

Incorrect?

Is this information incorrect? Please leave us a message.

Latest

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security 4.5

Detected in:

Join our mailing list - 6 Tips & Tricks in your inbox over the next days!

Plugins

Get Started

About

Popular articles

Latest

Passkeys: no need for Limit Login Attempts?

Configuring Really Simple Security with WP-CLI

Access violation vulnerability in BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security 4.5

Detected in: