CVE-2025-58246
wordpress - security update
Description
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
How to fix CVE-2025-58246
To remediate CVE-2025-58246, upgrade the affected package to a fixed version below.
- —upgrade to 6.8.3 or later
- —upgrade to 6.8.3 or later
- —upgrade to 5.7.14+dfsg1-0+deb11u1 or later
- —upgrade to 6.8.3+dfsg1-0+deb13u1 or later
Is CVE-2025-58246 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 6.8.3
- from 0, < 6.8.3
- from 0, < 5.7.14+dfsg1-0+deb11u1
- from 0, < 6.8.3+dfsg1-0+deb13u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |