关键信息 漏洞描述 漏洞名称: Sharable Password Protected Posts < 1.1.1 - Unauthenticated Password Protect Post Access 描述: 插件通过在GET参数中提供密钥允许访问密码保护的帖子,但密钥被REST API暴露。 影响插件 插件名称: sharable-password-protected-posts 修复版本: 1.1.1 参考信息 CVE编号: CVE-2025-5920 分类 类型: SENSITIVE DATA DISCLOSURE OWASP Top 10: A3: Sensitive Data Exposure CWE编号: CWE-200 CVSS评分: 7.5 (高) 时间线 公开发布日期: 2025-06-13 添加日期: 2025-06-13 最后更新日期: 2025-07-04 其他相关漏洞 Awesome Support: WordPress HelpDesk & Support Plugin < 6.3.2 - Unauthenticated Sensitive Information Exposure Through Unprotected Directory Order Delivery Date Pro for WooCommerce: < 12.6.0 - Unauthenticated Arbitrary Post Title Disclosure AIO Performance Profiler, Monitor, Optimize, Compress & Debug: <= 1.3 - Unauthenticated Sensitive Information Exposure Helpful: < 4.5.26 - Information Disclosure Essential Addons for Elementor: Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders < 6.0.10 - Authenticated (Author+) Sensitive Information Exposure to Privilege Escalation