CVE-2025-69055
📋 TL;DR
This path traversal vulnerability in SeaTheme BM Content Builder WordPress plugin allows attackers to download arbitrary files from the server by manipulating file paths. It affects all WordPress sites running BM Content Builder plugin versions up to and including 3.16.3.
💻 Affected Systems
- SeaTheme BM Content Builder WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise through downloading sensitive files like wp-config.php containing database credentials, SSH keys, or other configuration files.
Likely Case
Unauthorized access to sensitive WordPress configuration files, potentially leading to database compromise or privilege escalation.
If Mitigated
Limited file access restricted to web-accessible directories if proper file permissions are configured.
🎯 Exploit Status
Path traversal vulnerabilities are commonly exploited with simple HTTP requests. The Patchstack reference indicates this is an arbitrary file download vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 3.16.3
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find BM Content Builder. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin immediately.
🔧 Temporary Workarounds
Web Application Firewall Rule
allBlock path traversal patterns in HTTP requests
WAF specific - configure to block requests containing '../', '..\', or absolute paths
File Permission Hardening
linuxRestrict file permissions on sensitive directories
chmod 640 wp-config.php
chmod 600 ~/.ssh/*
chmod 750 /etc/
🧯 If You Can't Patch
- Immediately deactivate and remove the BM Content Builder plugin from WordPress
- Implement strict file system permissions and monitor for unusual file access patterns
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for BM Content Builder version ≤ 3.16.3Check Version:
wp plugin list --name=bm-builder --field=version (if WP-CLI installed)Verify Fix Applied:
Verify plugin version is > 3.16.3 or plugin is completely removed📡 Detection & Monitoring
Log Indicators:
- HTTP requests with '../' patterns to plugin endpoints
- Unusual file downloads from /wp-content/plugins/bm-builder/
Network Indicators:
- GET requests containing path traversal sequences to plugin URLs
SIEM Query:
source="web_logs" AND (uri="*../*" OR uri="*..\\*") AND uri="*/bm-builder/*"