DEBIAN-CVE-2025-58246
- Source
- https://security-tracker.debian.org/tracker/CVE-2025-58246
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-58246.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-58246
- Upstream
- Downstream
- Published
- 2025-09-23T18:15:37.660Z
- Modified
- 2025-12-10T01:15:38.711537Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
- References
Affected packages
Debian:11 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed5.7.14+dfsg1-0+deb11u1
Debian:12 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Debian:13 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source
Debian:14 / wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/debian/wordpress?arch=source