CVE-2025-39492: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability (CVE-2025-39492) was identified in the WHMPress WordPress plugin, affecting versions from 6.2 through revision. The vulnerability was discovered and disclosed on May 16, 2025. This security issue specifically impacts the WHMpress plugin, which is a WordPress integration tool (Patchstack).

The vulnerability is classified as a Path Traversal vulnerability (CWE-35) that enables Relative Path Traversal. It has received a CVSS v3.1 base score of 7.5 (High), with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This scoring indicates that the vulnerability is network-accessible, requires high attack complexity, needs low privileges, and no user interaction, while potentially impacting confidentiality, integrity, and availability at high levels (NVD, Patchstack).

The vulnerability could enable malicious actors to include local files of the target website and display their contents. This could potentially lead to the exposure of sensitive information, including database credentials, which might result in complete database takeover depending on the configuration (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects WHMpress versions 6.2 through revision-9, and no patched version has been released at the time of reporting (Patchstack).