CVE-2025-2880: Yame | Link In Bio <= 0.9.0 - Unauthenticated Information Exposure
First published: Fri May 02 2025(Updated: )
The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yame Link In Bio | <=0.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2880?
CVE-2025-2880 has a medium severity due to the potential for sensitive information exposure.
How do I fix CVE-2025-2880?
To fix CVE-2025-2880, update the Yame | Link In Bio plugin to version 0.9.1 or later.
What information may be exposed due to CVE-2025-2880?
CVE-2025-2880 may expose sensitive server information accessible via the phpinfo.php script.
Which versions of Yame | Link In Bio are affected by CVE-2025-2880?
All versions up to and including 0.9.0 of the Yame | Link In Bio plugin are affected by CVE-2025-2880.
Who is impacted by CVE-2025-2880?
Any users of the Yame | Link In Bio plugin for WordPress using affected versions may be impacted by CVE-2025-2880.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/source
- agent/author
- agent/tags
- agent/event
- vendor/yame
- canonical/yame link in bio