CVE-2025-5920: CWE-201 Insertion of Sensitive Information Into Sent Data in Sharable Password Protected Posts
The Sharable Password Protected Posts plugin before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API.
AI Analysis
Technical Summary
CVE-2025-5920 is a high-severity vulnerability in the WordPress plugin 'Sharable Password Protected Posts' prior to version 1.1.1. The plugin lets users share password-protected posts through a secret key, which is passed as a GET parameter in the URL. The key is meant to restrict access to authorized users, but it is also exposed through the WordPress REST API, which can be accessed without authentication. This is a CWE-201 weakness: sensitive information is inserted into sent data and becomes accessible to unauthorized parties.
The CVSS 3.1 base score of 7.5 (High) reflects a network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality (C:H) with no impact on integrity or availability (I:N/A:N). An attacker who retrieves the secret key from the REST API can gain unauthorized access to password-protected posts without guessing or brute-forcing the password, which compromises the confidentiality of content intended to be restricted.
Although no known exploits are currently reported in the wild, the ease of exploitation and the nature of the exposed information make this a significant risk. The vulnerability affects all versions before 1.1.1, with the affected version listed as '0', indicating initial releases or unpatched versions. No official patches or mitigation links are provided yet, emphasizing the need for immediate attention from site administrators using this plugin.
Potential Impact
For European organizations, especially those relying on WordPress sites with sensitive or confidential content shared via the Sharable Password Protected Posts plugin, this vulnerability poses a substantial risk to data confidentiality. Unauthorized disclosure of protected posts could lead to exposure of intellectual property, internal communications, or personal data, potentially violating GDPR and other privacy regulations. The breach of confidentiality could damage organizational reputation, lead to regulatory fines, and erode customer trust. Since the vulnerability requires no authentication or user interaction and can be exploited remotely over the network, attackers can easily automate data harvesting. This is particularly concerning for sectors such as finance, healthcare, legal, and government entities in Europe that often use password-protected posts to share sensitive information internally or with clients. The lack of impact on integrity and availability limits the threat to data leakage rather than system disruption, but the confidentiality breach alone is critical under European data protection frameworks.
Mitigation Recommendations
European organizations should immediately verify whether their WordPress installations use the Sharable Password Protected Posts plugin and identify the version in use. If the plugin version is prior to 1.1.1, they should upgrade to the latest version as soon as it becomes available. In the absence of an official patch, administrators should consider disabling the plugin temporarily to prevent exposure. Additionally, organizations can restrict access to the WordPress REST API endpoints by implementing authentication requirements or IP whitelisting, so that unauthenticated clients cannot retrieve the secret key. Web Application Firewalls (WAFs) can be configured to detect and block suspicious requests targeting the REST API that include the secret key parameter. Until the vulnerability is resolved, it is advisable to review and minimize the use of password-protected posts for highly sensitive data. Monitoring logs for unusual access patterns to REST API endpoints can help detect exploitation attempts. Finally, organizations should educate content creators about the risks of sharing sensitive information via this plugin and encourage alternative secure sharing methods.
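One way to implement the log monitoring recommended above, as an added example (not code from the plugin or from this advisory): it flags clients that read the REST API and then, within a short window, open a page using the share-key GET parameter. The parameter name `KEY_PARAM_PLACEHOLDER`, the 30-minute window and the sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumption: placeholder; set to the plugin's real share-key parameter name.
KEY_PARAM = "KEY_PARAM_PLACEHOLDER"
WINDOW = timedelta(minutes=30)  # assumption: correlation window

# Apache/nginx "combined" access-log prefix: ip, time, method, URL, status.
LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def is_rest(url):
    """True for WordPress REST requests (/wp-json/ or ?rest_route=)."""
    parts = urlsplit(url)
    return parts.path.startswith("/wp-json/") or "rest_route" in parse_qs(parts.query)

def find_suspects(lines):
    """Return (ip, url, delay) for key-bearing page views that follow a REST read."""
    last_rest, hits = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, method, url, status = m.groups()
        if method != "GET" or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if is_rest(url):
            last_rest[ip] = when
        elif KEY_PARAM in parse_qs(urlsplit(url).query, keep_blank_values=True):
            seen = last_rest.get(ip)
            if seen is not None and when - seen <= WINDOW:
                hits.append((ip, url, when - seen))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    # REST read, but key use outside the window: not flagged.
    '192.0.2.9 - - [04/Jul/2025:08:00:00 +0000] "GET /?rest_route=/wp/v2/posts HTTP/1.1" 200 5120',
    '192.0.2.9 - - [04/Jul/2025:09:00:00 +0000] "GET /?p=42&KEY_PARAM_PLACEHOLDER=x HTTP/1.1" 200 9000',
    '203.0.113.7 - - [04/Jul/2025:10:00:01 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Jul/2025:10:00:09 +0000] "GET /?p=42&KEY_PARAM_PLACEHOLDER=x HTTP/1.1" 200 9000',
    # Share-link recipient with no preceding REST read: not flagged.
    '198.51.100.4 - - [04/Jul/2025:10:05:00 +0000] "GET /?p=42&KEY_PARAM_PLACEHOLDER=x HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, url, delay in find_suspects(SAMPLE):
        print(f"{ip} used share key {delay.total_seconds():.0f}s after REST read: {url}")
```

Treat hits as triage leads: logged-in editors and some themes also call the REST API from the browser, so a match needs review against known users before it counts as an exploitation attempt.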
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: WPScan
- Date Reserved: 2025-06-09T13:28:28.737Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6867a4e56f40f0eb729fc16f
Added to database: 7/4/2025, 9:54:45 AM
Last enriched: 7/14/2025, 9:18:23 PM
Last updated: 7/14/2025, 9:18:23 PM