PT-2026-40558 · WordPress · Broadstreet
Greenhats
·
Published
2026-05-13
·
Updated
2026-05-13
·
CVE-2025-9987
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Broadstreet versions prior to 1.53.2
Description
The Broadstreet plugin for WordPress contains a sensitive information exposure flaw. Authenticated attackers with subscriber-level access or higher can extract data from private and password-protected business details through the 'get sponsored meta()' AJAX action.
Recommendations
Update the plugin to a version later than 1.53.1.
As a temporary workaround, restrict access to the
get sponsored meta() AJAX action to minimize the risk of exploitation.Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Broadstreet