CVE-2025-64253 MEDIUM

CVE-2025-64253: WordPress Health Check & Troubleshooting plugin <= 1.7.1 - Path Traversal vulnerability

Vendor Wordpress.org
Product Health Check & Troubleshooting
Weakness CWE-35
Published December 16, 2025
Last update April 28, 2026

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Path Traversal: '.../...//' vulnerability in WordPress.org Health Check & Troubleshooting health-check allows Path Traversal.This issue affects Health Check & Troubleshooting: from n/a through <= 1.7.1.

Explanation of Vulnerability in Simple Terms

02Summary

The Health Check & Troubleshooting plugin for WordPress contains an information disclosure vulnerability affecting versions up to 1.7.1. An authenticated administrator with high privileges can access sensitive diagnostic information that should be restricted. The vulnerability does not allow data modification or system unavailability, but exposes confidential site details to privileged users.

What an attacker can do

03Attacker Capabilities

Read sensitive diagnostic and configuration information from the site.

Potential impact on your site

04Site Impact

Administrators with malicious intent or compromised admin accounts can view confidential site diagnostics and configuration data.

Conditions required to exploit

05Prerequisites

Attacker must have administrator-level access to the WordPress site.

Key dates

06Disclosure timeline

December 16, 2025 CVE published
April 28, 2026 Record updated