WordPress Plugin Vulnerabilities

Getwid < 2.1.3 - Authenticated (Contributor+) Sensitive Information Exposure

Description

The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
getwid
Fixed in 2.1.3

References

CVE
CVE-2025-58252
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/64f4789e-bbe7-4c07-86c6-f2767d6e1901

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
MD ISMAIL
Verified
No
WPVDB ID
1c7955ec-ac72-45a9-bb5b-6f02d3aff2ca

Timeline

Publicly Published
2025-09-22 (about 8 months ago)
Added
2025-09-26 (about 8 months ago)
Last Updated
2025-10-08 (about 7 months ago)

Other

Published
Title
Published
2025-11-09
Title
WooCommerce Ultimate Points And Rewards < 2.10.3 - Authenticated (Subscriber+) Information Exposure
Published
2023-10-12
Title
WP < 6.3.2 - Contributor+ Comment Disclosure
Published
2026-01-05
Title
Shortcodes and extra features for Phlox theme < 2.17.14 - Unauthenticated Draft Posts Information Exposure
Published
2025-03-10
Title
Qubely < 1.8.14 - Contributor+ Sensitive Information Exposure
Published
2025-09-26
Title
The Tribal < 1.3.4 - Unauthenticated Sensitive Information Exposure