CVE-2025-5920
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-01-13
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabiantodt | private_post_share | to 1.1.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-5920 is a vulnerability in the WordPress plugin "Sharable Password Protected Posts" versions prior to 1.1.1. The plugin protects posts by requiring a secret key passed as a GET parameter to access password-protected posts. However, this secret key is exposed through the WordPress REST API in the meta field `_sppp_key`. An attacker can retrieve this key by querying the REST API and then use it to bypass the password protection and view the protected content without authentication. [1]
How can this vulnerability impact me? :
This vulnerability allows an attacker to access password-protected posts without authentication by obtaining the secret key from the REST API. This means sensitive or restricted content intended to be protected by a password can be viewed by unauthorized users, leading to potential data exposure and privacy breaches. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to unauthorized disclosure of sensitive data, which may result in non-compliance with data protection regulations such as GDPR and HIPAA. Exposing protected content without proper access controls violates principles of data confidentiality and could lead to regulatory penalties. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by querying the WordPress REST API endpoint for posts and checking if the secret key `_sppp_key` is exposed in the meta fields. For example, use a command like: curl -s https://yourwordpresssite.com/wp-json/wp/v2/posts/[post_id] | grep _sppp_key. If the key is present, the site is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Sharable Password Protected Posts plugin to version 1.1.1 or later, where this vulnerability has been fixed. Until then, consider restricting access to the REST API or disabling the plugin if possible to prevent exposure of the secret key. [1]