Birth Chart Compatibility Full Path Disclosure Vulnerability
Vulnerability Information
Vulnerability name: Birth Chart Compatibility Full Path Disclosure Vulnerability
Vulnerability ID:
- CVE: CVE-2025-6082
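Vulnerability type: Information disclosure
Severity: Medium
Vulnerability description: This vulnerability exists in the WordPress plugin "Birth Chart Compatibility", versions 2.0 and below. The plugin mainly provides zodiac compatibility analysis; it is a popular plugin on the WordPress platform, widely used on personal blogs and small-business websites. The vulnerability type is Full Path Disclosure (CWE-200): an attacker can send a specific HTTP GET request to the plugin's index.php endpoint to trigger a PHP warning or fatal error, thereby disclosing the server's filesystem path (e.g. /var/www/html/wp-content/plugins/… or C:\xampp\htdocs...). Although this information disclosure does not directly allow an attacker to execute code or access data, it can provide valuable information for follow-on attacks (such as Local File Inclusion (LFI), Remote Code Execution (RCE), or other reconnaissance attacks). The root cause is that the plugin fails to handle error messages correctly, which causes sensitive information to be leaked. The vulnerability can be exploited without authentication, and exploitation can be automated. To mitigate it, users are advised to update the plugin to a fixed version (> 2.0) as soon as possible, or to disable/remove unused plugins, and to deny direct access to the plugin's PHP file (index.php) through web server configuration (such as .htaccess or Nginx rules).
Product name: Birth Chart Compatibility WordPress Plugin
Affected versions: <= 2.0
Source: https://github.com/byteReaper77/CVE-2025-6082
Type: CVE-2025:github search
Repository files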
- LICENSE
- README.md
- exploit.c
Source overview
CVE-2025-6082 Full Path Disclosure PoC
Author: Byte Reaper
Telegram: @ByteReaper0
CVE: CVE-2025-6082
Vulnerability: Full Path Disclosure (CWE-200)
Description
This Proof‑of‑Concept exploits a Full Path Disclosure bug in the Birth Chart Compatibility WordPress plugin (versions ≤ 2.0). The PoC sends an HTTP GET request to the plugin’s index.php endpoint, captures any PHP warning or fatal error, and parses out the server’s filesystem path (e.g. /var/www/html/wp-content/plugins/... or C:\xampp\htdocs\...).
Revealing the full path aids an attacker in chaining further Local File Inclusion (LFI), Remote Code Execution (RCE), or other reconnaissance attacks.
Requirements
- Linux
- gcc or compatible C compiler
- libcurl development headers
- argparse.c / argparse.h
Compilation
Usage
./fpd-poc -u https://target.com [options]
Options:
Flag Description
-u, --url
-c, --cookies
-v, --verbose Enable verbose curl output
-f, --loop
-h, --help Show this help message
Example:
Single check
./fpd-poc -u https://victim.com
Verbose mode with 5 repeated checks
./fpd-poc -u https://victim.com -v -f 5
Sample output:
[+] Request sent successfully
[+] Input Url : https://victim.com
[+] Full Format Url: https://victim.com/wp-content/plugins/birth-chart-compatibility/index.php
[+] Http Code : 200
====================================[Response]====================================
Warning: include(/var/www/html/wp-content/plugins/birth-chart-compatibility/missing.php): failed to open stream…
[+] Response Len : 256
[+] Keyword found: Warning:
[+] Context: Warning: include(/var/www/html/wp-content/plugins/birth-chart-compatibility/missing.php
Mitigation
Update the “Birth Chart Compatibility” plugin to a patched version (> 2.0) as soon as it is released.
Disable or remove the plugin if you do not use it.
Deny direct access to plugin PHP files (index.php) through your web server configuration (e.g. via .htaccess or Nginx rules).
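To confirm the mitigations above on a site you administer, the following added example (not part of the original README or PoC) scans a saved response body for PHP error messages that expose an absolute path. The function name, the regular expressions and the sample bodies are assumptions constructed for illustration.

```python
import re

# PHP error line, plain text ("Warning: ...") or html_errors ("<b>Warning</b>: ...").
ERROR_RE = re.compile(
    r"(?P<kind>Warning|Fatal error|Parse error|Notice|Deprecated)(?:</b>)?:\s*(?P<msg>[^\n]*)"
)

# Absolute path with at least two components: /var/www/... or C:\xampp\...
# The lookbehind skips URLs (https://host/x.php) and closing tags (</b>).
PATH_RE = re.compile(
    r"(?<![\w/:\\<])(?:[A-Za-z]:\\|/)[^\s\"'()<>\\/]+(?:[\\/][^\s\"'()<>\\/]+)+"
)


def find_path_disclosures(body):
    """Return unique (error_kind, absolute_path) pairs leaked by PHP errors in body."""
    findings = []
    for err in ERROR_RE.finditer(body):
        for match in PATH_RE.finditer(err.group("msg")):
            finding = (err.group("kind"), match.group(0).rstrip(".,:;"))
            if finding not in findings:
                findings.append(finding)
    return findings


# Constructed sample bodies (not captured from a real server).
SAMPLES = {
    "plain_warning": (
        "Warning: include(/var/www/html/wp-content/plugins/"
        "birth-chart-compatibility/missing.php): failed to open stream"
    ),
    "html_fatal": (
        r"<br /><b>Fatal error</b>:  Uncaught Error in "
        r"<b>C:\xampp\htdocs\wp-content\plugins\birth-chart-compatibility\index.php</b>"
        r" on line <b>3</b><br />"
    ),
    "denied": "<html><body><h1>403 Forbidden</h1></body></html>",
    "benign": "Warning: see https://example.com/docs/help.php before upgrading.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        leaks = find_path_disclosures(body)
        print(f"{name}: {'LEAK' if leaks else 'ok'} {leaks}")
```

An empty result for the plugin's index.php response after patching or blocking direct access indicates the path is no longer exposed through that endpoint.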
Disclaimer
This code is provided for educational and testing purposes only. Unauthorized use against systems you do not own or have explicit permission to test may be illegal.