CVSS 4.3
CVE-2025-58246
- EPSS 0.04%
- Published 23.09.2025 18:15:37
- Last modified 28.04.2026 19:34:06
- Source audit@patchstack.com
WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability
WordPress <= 6.8.2 - Authenticated (Contributor+) Sensitive Information Exposure
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges are required to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
Possible mitigation
WordPress: Update to one of the following versions, or a newer patched version: 4.7.31, 4.8.27, 4.9.28, 5.0.24, 5.1.21, 5.2.23, 5.3.20, 5.4.18, 5.5.17, 5.6.16, 5.7.14, 5.8.12, 5.9.12, 6.0.11, 6.1.9, 6.2.8, 6.3.7, 6.4.7, 6.5.7, 6.6.4, 6.7.4, 6.8.3
Data is provided through the CVE Program by a CVE Numbering Authority (CNA) (unstructured).
Vendor: WordPress ≫ Product: WordPress
Default status: unaffected

| Version | Version <= | Status |
|---|---|---|
| 6.8 | 6.8.2 | affected |
| 6.7 | 6.7.3 | affected |
| 6.6 | 6.6.3 | affected |
| 6.5 | 6.5.6 | affected |
| 6.4 | 6.4.6 | affected |
| 6.3 | 6.3.6 | affected |
| 6.2 | 6.2.7 | affected |
| 6.1 | 6.1.8 | affected |
| 6.0 | 6.0.10 | affected |
| 5.9 | 5.9.11 | affected |
| 5.8 | 5.8.11 | affected |
| 5.7 | 5.7.13 | affected |
| 5.6 | 5.6.15 | affected |
| 5.5 | 5.5.16 | affected |
| 5.4 | 5.4.17 | affected |
| 5.3 | 5.3.19 | affected |
| 5.2 | 5.2.22 | affected |
| 5.1 | 5.1.20 | affected |
| 5.0 | 5.0.23 | affected |
| 4.9 | 4.9.27 | affected |
| 4.8 | 4.8.26 | affected |
| 4.7 | 4.7.30 | affected |

VulnDex Vulnerability Enrichment
Further vulnerability information
System: WordPress Core ≫ Product: WordPress
Versions: 4.7-4.7.30, 4.8-4.8.26, 4.9-4.9.27, 5.0-5.0.23, 5.1-5.1.20, 5.2-5.2.22, 5.3-5.3.19, 5.4-5.4.17, 5.5-5.5.16, 5.6-5.6.15, 5.7-5.7.13, 5.8-5.8.11, 5.9-5.9.11, 6.0-6.0.10, 6.1-6.1.8, 6.2-6.2.7, 6.3-6.3.6, 6.4-6.4.6, 6.5-6.5.6, 6.6-6.6.3, 6.7-6.7.3, 6.8-6.8.2

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.111 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| audit@patchstack.com | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |

CWE-201 Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.