CVE-2025-54352

Low

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE:…

mitre·CWE-669·Published 2025-07-21

CVSS

3.7

EPSS

0.00

KEV

Exploits

cve.orgen

180 chars

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.

NVDen

180 chars

WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.

WordPress 3.5 a 6.8.2 permite a atacantes remotos adivinar los títulos de publicaciones privadas y borradores mediante solicitudes XML-RPC pingback.ping. NOTA: El proveedor no está modificando este comportamiento.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	3.7	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	NVD	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N