CVE-2025-24552: 
WordPress vulnerability analysis and mitigation

A Full Path Disclosure (FPD) vulnerability was discovered in WordPress Paytium plugin versions 4.4.11 and below. The vulnerability was reported by Fariq Fadillah Gusti Insani on October 23, 2024, and was officially published on January 24, 2025, with the identifier CVE-2025-24552. The vulnerability affects the Paytium plugin, which is used for Mollie payment forms and donations in WordPress installations (Patchstack Database).

The vulnerability is classified as a Full Path Disclosure (FPD) issue with a CVSS severity score of 5.3 (Low). This security flaw could potentially expose the full path of folders or files within the system. The vulnerability is particularly concerning as it requires no authentication to exploit, making it accessible to unauthenticated users. The issue falls under the OWASP Top 10 category A3: Sensitive Data Exposure (Patchstack Database).

The vulnerability could allow malicious actors to obtain the full path of folders or files within the system. This information disclosure could potentially be leveraged to exploit other weaknesses in the system, although the specific impact may vary case by case. The overall severity is considered low, suggesting limited potential for serious exploitation (Patchstack Database).

The vulnerability has been fixed in Paytium version 4.4.12. Users are advised to update to version 4.4.12 or later to remove the vulnerability. For Patchstack users, enabling auto-update for vulnerable plugins is recommended as an additional security measure (Patchstack Database).