CNNVD-202507-2600 Information

CNNVD ID

CNNVD-202507-2600

CVE-2025-54352

  • CNNVD Published: 2025-07-21

Description

WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports hosting personal blog sites on servers running PHP and MySQL. WordPress versions 3.5 through 6.8.2 contain a security vulnerability that stems from improper handling of pingback.ping XML-RPC requests and may allow the titles of private and draft posts to be guessed.

Hazard Level

Critical

Vulnerability Type

Other

Affected Vendor

WooCommerce

Published

2025-07-21

Last Modified

2026-02-24

References

https://www.imperva.com/blog/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts/

https://vigilance.fr/vulnerability/WordPress-Core-information-disclosure-via-ping-back-47758
