CVE-2025-58246
MEDIUM4.3EPSS 0.04%WordPress <= 6.8.2 - (Contributor+) Sensitive Data Exposure Vulnerability
Description
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
Affected packages (4)
- Bitnami/wordpressfrom 0, < 6.8.3
- Bitnami/wordpress-multisitefrom 0, < 6.8.3
- Debian/wordpressfrom 0, < 5.7.14+dfsg1-0+deb11u1
- Debian/wordpressfrom 0, < 6.8.3+dfsg1-0+deb13u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (5)
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-58246
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-58246
- WEBhttps://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve
- WEBhttps://patchstack.com/database/Wordpress/Wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve
- WEBhttps://wordpress.org/news/2025/09/wordpress-6-8-3-release/