CVE-2025-57937
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in etruel WPeMatico RSS Feed Fetcher wpematico allows Retrieve Embedded Sensitive Data.This issue affects WPeMatico RSS Feed Fetcher: from n/a through <= 2.8.10.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-57937
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress wpmatico *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in the WPeMatico RSS Feed Fetcher Plugin (up to version 2.8.10) allows a malicious user with subscriber-level access to retrieve sensitive system information that should normally be restricted. It is classified as a Sensitive Data Exposure issue due to broken access control, meaning unauthorized users can access embedded sensitive data within the system. [1]

Impact Analysis

The vulnerability can lead to exposure of sensitive information to unauthorized users with low-level privileges. While the severity is low and exploitation is unlikely, this exposure could potentially be used to exploit other system weaknesses, increasing the risk of further attacks or data breaches. [1]

Detection Guidance

There are no specific detection commands or network indicators provided for this vulnerability. Detection would involve verifying if the WPeMatico RSS Feed Fetcher plugin version is up to and including 2.8.10 and monitoring for unauthorized access attempts by subscriber-level users to sensitive data. [1]

Mitigation Strategies

Immediate mitigation steps include applying virtual patching as recommended by Patchstack, monitoring for updates or official patches, restricting subscriber-level user privileges where possible, and closely monitoring access to sensitive information. Since no official fix is available yet, virtual patching is the primary recommended defense. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-57937. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart