Information Exposure in WP Recipe Maker Plugin by WordPress
CVE-2025-15527

4.3MEDIUM

Key Information:

Vendor

WordPress
Status
WP Recipe Maker
Vendor
CVE Published:
16 January 2026

What is CVE-2025-15527?

The WP Recipe Maker plugin for WordPress allows authenticated attackers, with Contributor-level access or higher, to access sensitive information from posts that they should not be able to view or edit. This vulnerability arises from insufficient restrictions in the api_get_post_summary function, making it possible for these attackers to retrieve data from password-protected, private, or draft posts, exposing sensitive information and potentially compromising user privacy.

Affected Version(s)

WP Recipe Maker * <= 10.2.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/wp-recipe-make...
https://plugins.trac.wordpress.org/browser/wp-recipe-make...

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dmitrii Ignatyev
JSON
.