CVE-2025-60125
📋 TL;DR
This vulnerability in the FoodBook WordPress plugin allows attackers to retrieve embedded sensitive data through insertion of information into sent data. It affects all FoodBook plugin installations from unknown versions through 4.7.1. WordPress site administrators using vulnerable FoodBook plugin versions are affected.
💻 Affected Systems
- FoodBook WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could extract sensitive information such as API keys, database credentials, or user data embedded in plugin responses, potentially leading to full site compromise or data breach.
Likely Case
Information disclosure of plugin configuration data, potentially exposing operational details or limited sensitive information.
If Mitigated
Minimal impact with proper web application firewalls and access controls limiting exposure of sensitive endpoints.
🎯 Exploit Status
Exploitation likely requires some understanding of WordPress plugin structure and targeted requests to vulnerable endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 4.7.1
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/foodbook/vulnerability/wordpress-foodbook-plugin-4-7-1-sensitive-data-exposure-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find FoodBook plugin and check for updates. 4. Update to latest version (above 4.7.1). 5. Verify update completed successfully.
🔧 Temporary Workarounds
Disable FoodBook Plugin
WordPressTemporarily disable the vulnerable plugin until patching is possible.
wp plugin deactivate foodbook
Web Application Firewall Rule
allBlock requests to FoodBook plugin endpoints that may expose sensitive data.
🧯 If You Can't Patch
- Implement strict access controls to limit who can access WordPress admin and plugin endpoints.
- Deploy a web application firewall with rules to detect and block sensitive data exposure patterns.
🔍 How to Verify
Check if Vulnerable:
Check FoodBook plugin version in WordPress admin panel under Plugins > Installed Plugins.Check Version:
wp plugin list --name=foodbook --field=versionVerify Fix Applied:
Verify FoodBook plugin version is above 4.7.1 in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual requests to FoodBook plugin endpoints
- Patterns of data extraction from plugin-specific URLs
Network Indicators:
- Traffic to FoodBook plugin endpoints with unusual parameters
- Responses containing sensitive data patterns
SIEM Query:
source="wordpress" AND (uri_path="/wp-content/plugins/foodbook/" OR user_agent CONTAINS "foodbook") AND (status_code=200 AND response_size>threshold)