CVEs-PoC/2025/CVE-2025-3897.md

CVE-2025-3897

Description

The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.

POC

Reference

No PoCs from references.

Github

• https://github.com/fkie-cad/nvd-json-data-feeds