Unauthorized Data Access in Feedback Modal for Website Plugin by WordPress
CVE-2025-13528

5.3 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 5 December 2025

What is CVE-2025-13528?

The Feedback Modal for Website plugin for WordPress contains a vulnerability that allows unauthorized access to sensitive data. The 'handle_export' function is missing a capability check in all versions up to and including 1.0.1. As a result, unauthenticated attackers can use the 'export_data' parameter to export all feedback data in formats such as CSV or JSON. Users of the plugin should take immediate action to mitigate this risk and secure their data.
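
What a guarded export handler looks like in a WordPress plugin, as an added sketch that is not the plugin's own code or its vendor's patch. Only the names 'handle_export' and 'export_data' come from the advisory; the fmw_ prefix, the admin_init hook, the manage_options capability, the nonce action and the feedback table name are assumptions for illustration.

```php
<?php
// Hypothetical hardened handler, not taken from the plugin's source.
// Assumed hook: admin_init also fires for admin-ajax.php and admin-post.php
// requests from logged-out visitors, so hooking it does not imply a login.
add_action( 'admin_init', 'fmw_handle_export' );

// Assumed storage: a custom table named {prefix}fmw_feedback.
function fmw_fetch_feedback() {
    global $wpdb;
    return $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}fmw_feedback", ARRAY_A );
}

function fmw_handle_export() {
    if ( ! isset( $_REQUEST['export_data'] ) ) {
        return; // Not an export request.
    }

    // 1. Authorization: the kind of capability check the advisory reports as missing.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to export feedback.', '', array( 'response' => 403 ) );
    }

    // 2. Request intent: the export link or form must carry a matching nonce.
    check_admin_referer( 'fmw_export_feedback' );

    // 3. Allow-list the format instead of trusting the raw parameter.
    $format = sanitize_key( wp_unslash( $_REQUEST['export_data'] ) );
    if ( ! in_array( $format, array( 'csv', 'json' ), true ) ) {
        wp_die( 'Unsupported export format.', '', array( 'response' => 400 ) );
    }

    $rows = fmw_fetch_feedback();
    nocache_headers(); // Exports hold personal data; keep them out of caches.

    if ( 'json' === $format ) {
        wp_send_json( $rows ); // Sends the response and exits.
    }

    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="feedback.csv"' );
    $out = fopen( 'php://output', 'w' );
    foreach ( $rows as $row ) {
        fputcsv( $out, $row );
    }
    fclose( $out );
    exit;
}
```

When reviewing any plugin for this class of bug, look for handlers that read a request parameter and emit data without first calling current_user_can().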

Affected Version(s)

Feedback Modal for Website * <= 1.0.1

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abhirup Konwar