CVE-2025-54352 — Incorrect Resource Transfer Between Spheres in Wordpress

CWE-669 — Incorrect Resource Transfer Between Spheres5 documents5 sources

Severity

3.7LOWNVD

EPSS

0.1%

top 79.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress

Timeline

PublishedJul 21

Description

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5wordpress/wordpress3.5 — 6.8.2

🔴Vulnerability Details

GHSA

GHSA-585c-5qcq-7fgc: WordPress 3↗2025-07-21

▶

CVEList

CVE-2025-54352: WordPress 3↗2025-07-21

▶

OSV

CVE-2025-54352: WordPress 3↗2025-07-21

▶

📋Vendor Advisories

Debian

CVE-2025-54352: wordpress - WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private a...↗2025

▶