Information Exposure Vulnerability in Liaison Site Prober Plugin for WordPress
CVE-2026-3569

5.3MEDIUM

Key Information:

Vendor

WordPress
Status
Liaison Site Prober
Vendor
CVE Published:
24 April 2026

What is CVE-2026-3569?

The Liaison Site Prober plugin for WordPress is susceptible to an information exposure vulnerability through its REST API endpoint, /wp-json/site-prober/v1/logs. This issue arises from the permissions_read() callback, which indiscriminately returns true without verifying user capabilities. As a result, this flaw allows unauthorized users to access sensitive audit log information, such as IP addresses, user IDs, usernames, login/logout events, and records of failed login attempts. This can significantly compromise the security of affected WordPress sites by revealing critical operational data.

Affected Version(s)

Liaison Site Prober 0 <= 1.2.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/liaison-site-p...
https://plugins.trac.wordpress.org/browser/liaison-site-p...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Itthidej Aramsri
.