Low
CVSS 3.7
Overview
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.
CVE-2025-54352
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private a...
Risk analysis
This vulnerability is rated 🟢 LOW.
- CVSS: 3.7 (LOW)
- Detected tags: wordpress (tag impact: LOW)
Recommended actions:
- Prioritize remediation based on business criticality and exposure.
- Limit exposure and increase monitoring until fixed.