CVE-2025-1528

Name of the Vulnerable Software and Affected Versions: Search & Filter Pro plugin for WordPress versions prior to 2.5.20

Description: The issue allows unauthorized access to data due to a missing capability check on the get meta values function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the values of arbitrary post meta.

Recommendations: For versions up to and including 2.5.19, update to version 2.5.20 or later to resolve the issue. As a temporary workaround, consider restricting access to the get meta values function until a patch is available.