cleantalk
Vulnerabilities and Security Researches

Hide My WP Ghost – Security Plugin, CVE-2025-2056

CVE, Research URL

CVE-2025-2056

Home page URL

Security reports for Hide My WP Ghost – Security Plugin

Application

Hide My WP Ghost – Security Plugin

Published on
Mar 14, 2025
Research Description
The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 5.4.01 via the showFile function. This makes it possible for unauthenticated attackers to read the contents of specific file types on the server, which can contain sensitive information.
Affected versions
Min -, max 5.4.02.
Status
vulnerable
Previous vulnerability researches
WP Performance Pack (CVE-2025-28938) , Mar 13, 2025
New vulnerability
LoginPress | wp-login Custom Login Page Customizer (CVE-2025-1764) , Mar 15, 2025
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) (CVE-2025-1620) , Mar 14, 2025
Hide My WP Ghost – Security Plugin (CVE-2025-2056) , Mar 14, 2025
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2024-13887) , Mar 14, 2025
AppPresser – Mobile App Framework (CVE-2025-1561) , Mar 14, 2025