CVE-2025-6381 – BeeTeam368 Extensions plugin for WordPress Directory Traversal Vulnerability

June 28, 2025

CVE ID : CVE-2025-6381

Published : June 28, 2025, 4:15 a.m. | 2 hours, 7 minutes ago

Description : The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6252 – “Qi Addons For Elementor Stored Cross-Site Scripting Vulnerability”

Next Article CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

The best smartphones without AI features in 2025: Expert tested and recommended

GPT-5 was supposed to simplify ChatGPT but now it has 4 new modes – here’s why

Gemini just got two of ChatGPT’s best features – and they’re free

I found the easiest way to send files between my Android phone and desktop – and it’s free

Laravel Boost is released

Laravel Boost is released

Frontend Standards for Optimizely Configured Commerce: Clean & Scalable Web Best Practices

Live Agent Escalation in Copilot Studio Using D365 Omnichannel – Architecture and Use Case

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

OpenAI’s Sam Altman: GPT-5 fails to meet AGI standards amid Microsoft’s fading partnership — “it’s still missing something”

You Think You Need a Monster PC to Run Local AI, Don’t You? — My Seven-Year-Old Mid-range Laptop Says Otherwise

8 Registry Tweaks that will Make File Explorer Faster and Easier to Use on Windows 11

CVE-2025-6381 – BeeTeam368 Extensions plugin for WordPress Directory Traversal Vulnerability

How the always-on generation can level up its cybersecurity game

Supply-chain dependencies: Check your resilience blind spot

Microsoft Copilot is one step closer to being a true friend — it now remembers everything about you

CVE-2025-50740 – AutoConnect Arduino Library XSS Vulnerability

CVE-2025-2932 – JKDEVKIT WordPress Arbitrary File Deletion Vulnerability

CVE-2025-0885 – OpenText GroupWise Unauthorized Calendar Access Vulnerability

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

CVE-2025-53633 – Chall-Manager Zip Bomb Vulnerability

How to Install DeepSeek on Ubuntu 24.04 (Locally)

Jill Boisvert Fosters Continuous Learning in Perficient’s Salesforce Practice

CVE-2025-6381 – BeeTeam368 Extensions plugin for WordPress Directory Traversal Vulnerability

Related Posts