CVE-2025-32629: 
WordPress vulnerability analysis and mitigation

The CVE-2025-32629 is a Path Traversal vulnerability discovered in CMSJunkie's WordPress Business Directory Plugin (WP-BusinessDirectory). The vulnerability affects versions through 3.1.2 of the WP-BusinessDirectory plugin. This security flaw was initially reported on January 30, 2025, and was publicly disclosed on April 9, 2025 (Patchstack).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue, identified as CWE-22. It has received a CVSS v3.1 Base Score of 8.6 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The vulnerability can be exploited without authentication, making it particularly dangerous (Patchstack).

The vulnerability allows for Arbitrary File Deletion, which could enable a malicious actor to delete files from the affected website. If core files are deleted, it could cause the site to break and stop functioning. The high CVSS score of 8.6 indicates that this vulnerability is highly dangerous and expected to become mass exploited (Patchstack).

As there is no official fix available, it is recommended to remove and replace the software immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. Website owners are advised to either implement the Patchstack virtual patch or completely remove the vulnerable plugin (Patchstack).