{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13660", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-25T16:08:54.521Z", "datePublished": "2025-12-12T06:32:56.540Z", "dateUpdated": "2026-04-08T16:32:26.697Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:26.697Z"}, "affected": [{"vendor": "rcatheme", "product": "Guest Support", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This makes it possible for unauthenticated attackers to enumerate user accounts and extract email addresses via the guest_support_handler=ajax endpoint with the request=get_users parameter."}], "title": "Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01299aba-0dff-47fd-9e90-ee84f00a0f3b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/guest-support/trunk/includes/library/ajax.php#L22"}, {"url": "https://plugins.trac.wordpress.org/browser/guest-support/tags/1.2.3/includes/library/ajax.php#L22"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3412822%40guest-support&new=3412822%40guest-support&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "cweId": "CWE-200", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Md. Moniruzzaman Prodhan"}], "timeline": [{"time": "2025-11-25T16:24:03.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-11T18:29:24.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-18T17:10:24.759328Z", "id": "CVE-2025-13660", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T17:10:30.799Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13660", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-18T17:10:24.759328Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-18T17:10:27.631Z"}}], "cna": {"title": "Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint", "credits": [{"lang": "en", "type": "finder", "value": "Md. Moniruzzaman Prodhan"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "rcatheme", "product": "Guest Support", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.2.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-11-25T16:24:03.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-11T18:29:24.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01299aba-0dff-47fd-9e90-ee84f00a0f3b?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/guest-support/trunk/includes/library/ajax.php#L22"}, {"url": "https://plugins.trac.wordpress.org/browser/guest-support/tags/1.2.3/includes/library/ajax.php#L22"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3412822%40guest-support&new=3412822%40guest-support&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This makes it possible for unauthenticated attackers to enumerate user accounts and extract email addresses via the guest_support_handler=ajax endpoint with the request=get_users parameter."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-12T06:32:56.540Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13660", "state": "PUBLISHED", "dateUpdated": "2025-12-18T17:10:30.799Z", "dateReserved": "2025-11-25T16:08:54.521Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T06:32:56.540Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This makes it possible for unauthenticated attackers to enumerate user accounts and extract email addresses via the guest_support_handler=ajax endpoint with the request=get_users parameter."}], "id": "CVE-2025-13660", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T07:15:44.373", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/guest-support/tags/1.2.3/includes/library/ajax.php#L22"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/guest-support/trunk/includes/library/ajax.php#L22"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3412822%40guest-support&new=3412822%40guest-support&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/01299aba-0dff-47fd-9e90-ee84f00a0f3b?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T16:13:18.052682+00:00", "value": {"mitigation_remediation": ["Update Guest Support to the latest version that resolves the issue.", "If an update is not feasible, disable the guest_support_handler AJAX endpoint or deactivate the plugin entirely.", "Add firewall or rule to block unauthenticated requests to guest_support_handler=ajax?request=get_users to prevent exploitation."], "summary": {"action": "Update Plugin", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Versions of the Guest Support plugin from rcatheme up to and including 1.2.3 are affected. Any WordPress site running these plugin versions without applied patches is vulnerable to the described email disclosure.", "description_and_impact": "The Guest Support plugin for WordPress includes an unauthenticated AJAX endpoint that allows anyone to search for and retrieve user email addresses. This vulnerability, identified as CWE-200, enables attackers to enumerate user accounts and extract email addresses using the guest_support_handler=ajax endpoint with the request=get_users parameter. The result is a disclosure of potentially sensitive personal information and exposure of user identity data.", "risk_and_exploitability": "The CVSS score of 5.3 indicates a moderate severity. The EPSS score of less than 1% suggests a low likelihood of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers are believed to exploit this weakness by sending unauthenticated HTTP requests to the guest_support_handler endpoint, with the request=get_users parameter, to harvest email addresses. No authentication or capability checks are performed, making the exploit straightforward for anyone with network access to the site."}}}}, "created": "2025-12-14T21:17:06.348927+00:00", "updated": "2026-04-22T16:15:21.792772+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}