Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3897

The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.

Published

2025-05-09T12:15:33.370

Last Modified

2025-05-12T17:32:32.760

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

Weaknesses

Type: Secondary
CWE-22

Affected Vendors & Products

References

https://plugins.trac.wordpress.org/browser/eucookielaw/trunk/templates/EUCookieCache.php#L26 ([email protected])
https://plugins.trac.wordpress.org/changeset/3288917/ ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/d360de79-8490-4e70-b2d9-4f01a1ed3305?source=cve ([email protected])