CVE-2025-2881: Developer Toolbar <= 1.0.3 - Unauthenticated Information Exposure
First published: Sat Apr 12 2025(Updated: )
The Developer Toolbar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Developer Toolbar | <=1.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-2881?
CVE-2025-2881 is categorized as a high severity vulnerability due to its potential for sensitive information exposure.
How do I fix CVE-2025-2881?
To fix CVE-2025-2881, update the WordPress Developer Toolbar plugin to the latest version beyond 1.0.3.
What versions are affected by CVE-2025-2881?
CVE-2025-2881 affects all versions of the WordPress Developer Toolbar plugin up to and including version 1.0.3.
What kind of information can be exposed due to CVE-2025-2881?
CVE-2025-2881 may expose sensitive information such as server configuration details and environment variables.
Who can exploit CVE-2025-2881?
CVE-2025-2881 can be exploited by unauthenticated attackers who access the vulnerable phpinfo.php script.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/wordpress
- canonical/wordpress developer toolbar