Custom Related Posts < 1.8.1 – Unauthenticated Information Exposure | CVE 2025-68033

Affects Plugins

custom-related-posts

Fixed in 1.8.1

References

CVE

CVE-2025-68033

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/4df9918b-7201-4cd7-978d-4a1fa207a97c

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CWE-200

CVSS

5.3 (medium)

Miscellaneous

Original Researcher

MD ISMAIL

Verified

No

WPVDB ID

960ef025-0f9d-4d6a-b69f-4fa143a03bf3

Timeline

Publicly Published

2025-12-25 (about 5 months ago)

Added

2026-01-14 (about 4 months ago)

Last Updated

2026-01-27 (about 3 months ago)

Other

Published

Title

Published

2025-04-11

Title

Cart66 Cloud <= 2.3.7 - Unauthenticated Information Exposure

Published

2024-06-19

Title

phpinfo() WP < 6.0 - Unauthenticated Information Exposure

Published

2024-12-16

Title

ElementsReady Addons for Elementor < 6.4.9 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

Published

2025-11-07

Title

Academy LMS Pro < 3.3.9 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script'

Published

2025-02-04

Title

WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto < 8.0.9 - Unauthenticated Sensitive Information Exposure