CVE-2025-6745
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woodmart | woodmart | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WoodMart WordPress plugin allows unauthenticated attackers to access data from posts that are supposed to be restricted, such as password protected, private, or draft posts. It occurs because the woodmart_get_posts_by_query() function does not properly restrict which posts can be included, leading to unintended information exposure.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive or private content on a WordPress site using the WoodMart plugin. Attackers can extract data from protected posts without authentication, potentially exposing confidential information and compromising the privacy of the site and its users.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the WoodMart plugin for WordPress to a version later than 8.2.5 where the issue is fixed. Additionally, restrict access to the affected functions and monitor for unauthorized access attempts to private, password protected, or draft posts.