Sensitive Data Exposure in NerdPress Social Pug Plugin
CVE-2025-58007

4.3 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 22 September 2025

What is CVE-2025-58007?

A vulnerability exists in the NerdPress Social Pug plugin that allows attackers to access sensitive embedded data. This exposure can lead to unauthorized retrieval of critical information, potentially compromising user data and the integrity of the affected WordPress site. The flaw affects all versions of the Social Pug plugin up to and including 1.35.1. Admins are encouraged to review their security measures to safeguard against this vulnerability.

Affected Version(s)

Social Pug <= 1.35.1

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Que Thanh Tuan - Blue Rock (Patchstack Alliance)