WordPress Plugin Vulnerabilities

Broadstreet < 1.53.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

Description

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get_sponsored_meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to disclose any private post metadata.

Affects Plugins

Fixed in 1.53.2

References

Classification

Type
IDOR
CWE

Miscellaneous

Original Researcher
Tarcísio Luchesi De Almeida Silva (Poystick)
Verified
No

Timeline

Publicly Published
2026-05-20 (about 1 month ago)
Added
2026-05-20 (about 1 month ago)
Last Updated
2026-05-21 (about 1 month ago)

Other