CVE-2025-58246
MEDIUM 4.3 | EPSS 0.04% | wordpress - security update
Description
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges are required to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
Affected packages (4)
- Bitnami/wordpress: from 0, < 6.8.3
- Bitnami/wordpress-multisite: from 0, < 6.8.3
- Debian/wordpress: from 0, < 5.7.14+dfsg1-0+deb11u1
- Debian/wordpress: from 0, < 6.8.3+dfsg1-0+deb13u1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References (5)
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2025-58246
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2025-58246
- WEB: https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve
- WEB: https://patchstack.com/database/Wordpress/Wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability?_s_id=cve
- WEB: https://wordpress.org/news/2025/09/wordpress-6-8-3-release/