CVE-2025-2882 MEDIUM

CVE-2025-2882: GreenPay(tm) by Green.Money 3.0.0 - 3.0.9 - Unauthenticated Information Exposure

Vendor Greenmoney
Product GreenPay(tm) by Green.Money
Weakness CWE-200 · Info exposure
Published April 8, 2025
Last update April 8, 2025
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.

Key dates

02Disclosure timeline

April 8, 2025 CVE published
April 8, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-12010 Authors List <= 2.0.6.1 - Authenticated (Contributor+) Sensitive Information Exposure via Limited Method Call in Plugin's Shortcode CVE-2026-53725 Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied CVE-2024-13623 Order Export for WooCommerce <= 3.24 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory CVE-2021-28169 CVE-2023-31927 An information disclosure in the web interface of Brocade Fabric OS