
CVE-2025-5920: CWE-201 Insertion of Sensitive Information Into Sent Data in Sharable Password Protected Posts

Severity: High
Type: Vulnerability
Tags: CVE-2025-5920, CWE-201
Published: Fri Jul 04 2025 (07/04/2025, 09:52:44 UTC)
Source: CVE Database V5
Product: Sharable Password Protected Posts

Description

The Sharable Password Protected Posts WordPress plugin before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API.

AI-Powered Analysis

Last updated: 07/14/2025, 21:18:23 UTC

Technical Analysis

CVE-2025-5920 is a high-severity vulnerability in the WordPress plugin 'Sharable Password Protected Posts' prior to version 1.1.1. The plugin lets users create password-protected posts that can be shared via a secret key. The key, which is meant to restrict access to authorized users, is passed as a GET parameter in URLs. More critically, the same key is exposed through the WordPress REST API, which can be accessed without authentication. This is a CWE-201 weakness: sensitive information is inserted into sent data and becomes accessible to unauthorized parties.

The CVSS 3.1 base score of 7.5 reflects a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality (C:H) with no impact on integrity or availability (I:N/A:N). An attacker who retrieves the secret key from the REST API gains unauthorized access to password-protected posts without guessing or brute-forcing the password, which compromises the confidentiality of content intended to be restricted.

Although no known exploits are currently reported in the wild, the ease of exploitation and the nature of the information exposed make this a significant risk. The vulnerability affects all versions before 1.1.1; the affected version is listed as '0', indicating initial releases or unpatched versions. No official patches or mitigation links are provided yet, emphasizing the need for immediate attention from site administrators using this plugin.

Potential Impact

For European organizations, especially those relying on WordPress sites with sensitive or confidential content shared via the Sharable Password Protected Posts plugin, this vulnerability poses a substantial risk to data confidentiality. Unauthorized disclosure of protected posts could lead to exposure of intellectual property, internal communications, or personal data, potentially violating GDPR and other privacy regulations. The breach of confidentiality could damage organizational reputation, lead to regulatory fines, and erode customer trust. Since the vulnerability requires no authentication or user interaction and can be exploited remotely over the network, attackers can easily automate data harvesting. This is particularly concerning for sectors such as finance, healthcare, legal, and government entities in Europe that often use password-protected posts to share sensitive information internally or with clients. The lack of impact on integrity and availability limits the threat to data leakage rather than system disruption, but the confidentiality breach alone is critical under European data protection frameworks.

Mitigation Recommendations

European organizations should immediately verify whether their WordPress installations use the Sharable Password Protected Posts plugin and identify the version in use. If the plugin version is prior to 1.1.1, they should upgrade to the latest version as soon as it becomes available. In the absence of an official patch, administrators should consider disabling the plugin temporarily to prevent exposure. Additionally, organizations can restrict access to the WordPress REST API endpoints by implementing authentication requirements or IP whitelisting to prevent unauthorized retrieval of the secret key. Web Application Firewalls (WAFs) can be configured to detect and block suspicious requests targeting the REST API that include the secret key parameter. Reviewing and minimizing the use of password-protected posts for highly sensitive data until the vulnerability is resolved is advisable. Monitoring logs for unusual access patterns to REST API endpoints can help detect exploitation attempts. Finally, organizations should educate content creators about the risks of sharing sensitive information via this plugin and encourage alternative secure sharing methods.
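One way to implement the log monitoring recommended above, as an added example that is not part of the original advisory or the plugin's code: it flags clients that read the posts REST API and afterwards open a post with the key parameter. The parameter name is a hypothetical placeholder (the advisory does not name it), the log lines are constructed, and the combined access-log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical placeholder: the advisory does not name the plugin's GET parameter.
SECRET_PARAM = "SECRET_KEY_PARAM_PLACEHOLDER"
REST_PATHS = ("/wp-json/wp/v2/posts", "/wp-json/wp/v2/pages")
REST_ROUTES = ("/wp/v2/posts", "/wp/v2/pages")

# Combined log format: ip ident user [time] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(target):
    """Label a request target as a posts REST read, a key-parameter use, or neither."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    # ?rest_route=... reaches the same API when pretty permalinks are off.
    rest_route = query.get("rest_route", [""])[0]
    if parts.path.startswith(REST_PATHS) or rest_route.startswith(REST_ROUTES):
        return "rest"
    if SECRET_PARAM in query:
        return "key_use"
    return None

def find_suspects(lines):
    """IPs that read the posts REST API and later opened a post with the key parameter."""
    seen_rest, suspects = set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        kind = classify(m["target"])
        if kind == "rest":
            seen_rest.add(m["ip"])
        elif kind == "key_use" and m["ip"] in seen_rest and m["ip"] not in suspects:
            suspects.append(m["ip"])
    return suspects

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jul/2025:10:00:01 +0000] "GET /wp-json/wp/v2/posts?per_page=100 HTTP/1.1" 200 8123 "-" "curl/8.5"',
    '198.51.100.9 - - [14/Jul/2025:10:00:05 +0000] "GET /?p=42&SECRET_KEY_PARAM_PLACEHOLDER=abc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Jul/2025:10:00:09 +0000] "GET /?p=42&SECRET_KEY_PARAM_PLACEHOLDER=abc HTTP/1.1" 200 5120 "-" "curl/8.5"',
    '192.0.2.5 - - [14/Jul/2025:10:01:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [14/Jul/2025:10:02:00 +0000] "GET /?rest_route=/wp/v2/posts HTTP/1.1" 200 8123 "-" "python-requests"',
    '192.0.2.44 - - [14/Jul/2025:10:02:03 +0000] "GET /?p=42&SECRET_KEY_PARAM_PLACEHOLDER=abc HTTP/1.1" 200 5120 "-" "python-requests"',
]

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

A recipient who only follows a shared link (198.51.100.9 in the sample) is not flagged; only the REST read followed by key use from the same address is.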


Technical Details

Data Version: 5.1
Assigner Short Name: WPScan
Date Reserved: 2025-06-09T13:28:28.737Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6867a4e56f40f0eb729fc16f

Added to database: 7/4/2025, 9:54:45 AM

Last enriched: 7/14/2025, 9:18:23 PM

Last updated: 7/14/2025, 9:18:23 PM
