Sharable Password Protected Posts < 1.1.1 – Unauthenticated Password Protect Post Access | CVE 2025-5920 | Plugin Vulnerabilities

Description

The plugin allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API.

Proof of Concept

1. Create a new password protected post and enable the "Share post via secret URL" option.
2. As an attacker browse to `/wp-json/wp/v2/posts/[post_id]` and note the value of meta field:  `_sppp_key`
3. Browse to the post: it is protected.
4. Add `?_sppp_key=[key]` to the URL: you can see the post.

Affects Plugins

sharable-password-protected-posts

Fixed in 1.1.1

References

CVE

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Pierre Rudloff

Submitter

Pierre Rudloff

Verified

Yes

WPVDB ID

dddd6074-1e1f-441f-86f7-316c30262c70

Timeline

Publicly Published

2025-06-13 (about 6 months ago)

Added

2025-06-13 (about 6 months ago)

Last Updated

2025-07-04 (about 5 months ago)

Other

Published

Title

Published

2021-03-26

Title

AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage

Published

2025-12-19

Title

Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin < 2.11.1 - Unauthenticated Sensitive Information Exposure

Published

2023-09-13

Title

Booster for WooCommerce < 7.1.1 - Subscriber+ Sensitive Information Disclosure

Published

2025-11-04

Title

KiotViet Sync <= 1.8.5 - Unauthenticated Webhook Key Exposure

Published

2024-02-02

Title

LearnDash LMS < 4.10.2 - Sensitive Information Exposure via API