WordPress Plugin Vulnerabilities

Hubbub Lite < 1.36.0- Subscriber+ Sensitive Information Exposure

Description

The plugin is vulnerable to Sensitive Information Exposure. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Plugin icon
social-pug
Fixed in 1.36.0

References

CVE
CVE-2025-58007
URL
https://patchstack.com/database/wordpress/plugin/social-pug/vulnerability/wordpress-social-pug-plugin-1-35-1-sensitive-data-exposure-vulnerability

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Que Thanh Tuan - Blue Rock
Verified
No
WPVDB ID
abeb8a11-5929-41f4-996f-aa6a93aca742

Timeline

Publicly Published
2025-09-22 (about 9 months ago)
Added
2025-09-26 (about 8 months ago)
Last Updated
2025-10-07 (about 8 months ago)

Other

Published
Title
Published
2025-09-15
Title
The Events Calendar < 6.15.3 - Unauthenticated Password-Protected Information Disclosure
Published
2025-07-16
Title
JetBlocks For Elementor < 1.3.19 - Authenticated (Subscriber+) Information Disclsoure
Published
2025-07-23
Title
AI Engine < 2.9.5 - Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions
Published
2025-04-17
Title
wpLike2Get <= 1.2.9 - Unauthenticated Information Exposure
Published
2025-11-10
Title
Document Pro Elementor – Documentation & Knowledge Base <= 1.0.9 - Unauthenticated Information Exposure