CVE-2025-6082: 
WordPress vulnerability analysis and mitigation

The Birth Chart Compatibility plugin for WordPress contains a Full Path Disclosure vulnerability (CVE-2025-6082) affecting all versions up to and including 2.0. The vulnerability was discovered and disclosed on July 22, 2025. This security issue affects WordPress installations that have the Birth Chart Compatibility plugin installed (NVD).

The vulnerability stems from insufficient protection against directly accessing the plugin's index.php file, which causes an error that exposes the full path of the web application. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. It is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD, Wordfence).

The vulnerability allows unauthenticated attackers to retrieve the full path of the web application. While the exposed information is not directly harmful on its own, it can be leveraged to aid other attacks. The impact is considered moderate as it requires additional vulnerabilities to cause significant damage to affected websites (NVD).

The plugin has been temporarily closed as of July 21, 2025, pending a full security review. Users are advised to remove the plugin until a patched version becomes available (WordPress Plugin).