Unauthorized Data Access in Search & Filter Pro Plugin for WordPress
CVE-2025-1528

4.3MEDIUM

Key Information:

Vendor: Search & Filter
Status: Search & Filter Pro
Vendor: CVE Published:; 14 March 2025

Summary

The Search & Filter Pro plugin for WordPress is susceptible to unauthorized data exposure due to a failure to implement adequate capability checks in the 'get_meta_values' function. This vulnerability allows attackers with Subscriber-level access and higher to access and read arbitrary post meta values, potentially compromising sensitive information stored in the database. It is crucial for users of the affected versions to upgrade to the latest version to mitigate this risk effectively.

Affected Version(s)

Search & Filter Pro * <= 2.5.19

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://searchandfilter.com/search-filter-2-5-20-security...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 14, 2025
Vulnerability Reserved
Feb 20, 2025

Credit

Tom Broucke