CVE-2025-59002
WordPress BM Content Builder Plugin < 3.16.3.3 - Arbitrary File Deletion VulnerabilityImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SeaTheme BM Content Builder allows Path Traversal. This issue affects BM Content Builder: from n/a through n/a.
We have discovered 718 live websites that are affected by CVE-2025-59002.
Affected Software
| Product |  BM Content Builder |
| Category | Wordpress Plugins |
| Vulnerable Domains | 718 live websites (97% of BM Content Builder install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 48 versions ( 98% of all versions) |
Common Weakness Enumeration
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')Details
- Published - Sep 26, 2025
- Updated - Sep 29, 2025
Credits
- Bonds (Patchstack Alliance) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-59002 United States | 131 websites |
 Germany | 143 websites |
 France | 55 websites |
 Italy | 43 websites |
 Netherlands | 39 websites |
 GB | 34 websites |
 Denmark | 32 websites |
 Switzerland | 31 websites |
 Japan | 31 websites |
 Poland | 19 websites |
Website Distribution by TLD
Number of websites using CVE-2025-59002| .com | 384 websites |
| .de | 49 websites |
| .nl | 23 websites |
| .co.uk | 23 websites |
| .net | 21 websites |
| .ch | 20 websites |
| .it | 19 websites |
| .fr | 16 websites |
| .at | 11 websites |
| .org | 10 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-59002
Top websites that are affected by CVE-2025-59002. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | ***,*** | |
| ************.com | Germany | *,***,*** | |
| *******.net | United States | *,***,*** | |
| ***********.biz | Japan | *,***,*** | |
| *************.com | Germany | *,***,*** | |
| ****.***********.net | *,***,*** | ||
| *****.as |  American Samoa | *,***,*** | |
| ************.com | Germany | *,***,*** | |
| *************.net | United States | *,***,*** | |
| *********.com | United States | *,***,*** |
FAQ
CVE-2025-59002 is Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in BM Content Builder
A total of 718 websites have been identified as vulnerable to CVE-2025-59002, based on global website indexing conducted by WebTechSurvey.
The BM Content Builder is affected by the CVE-2025-59002 vulnerability.
BM Content Builder versions up to 3.16.3.3 are vulnerable to CVE-2025-59002.
CVE-2025-59002 is resolved in version 3.16.3.3 of BM Content Builder.