CVE-2025-9987
Published: 2026-05-13
Priority: P4 (29) | Severity: medium | CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.27% (18.5th percentile)
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadstreetads | broadstreet | <= 1.53.1 | — |
No advisories linked to this vulnerability.
No detection rules found.
Nuclei
Wazuh - Unsafe Deserialization Remote Code Execution
nuclei·CVSS 9.9
CVE-2025-24016 [CRITICAL] Wazuh - Unsafe Deserialization Remote Code Execution
A critical Remote Code Execution (RCE) vulnerability exists in Wazuh server versions >= 4.4.0 and = 4.4.0 and = 4.9.1 where this vulnerability has been patched. If immediate upgrade is not possible: Restrict API access to trusted IP addresses only, implement network segmentation to isolate Wazuh servers, monitor for suspicious API requests to the /security/user/authenticate/run_as endpoint, and consider implementing a Web Application Firewall (WAF) to filter malicious requests.
reference:
  - https://github.com/MuhammadWaseem29/CVE-2025-24016
  - https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
  - https://nvd.nist.gov/vuln/detail/CVE-2025-24016
classification:
  epss-score: 0.93874
  epss-percentile: 0.9987
  cvss-metrics: CV
No writeups or analysis indexed.