{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6786", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-27T12:44:15.802Z", "datePublished": "2025-07-04T01:43:59.455Z", "dateUpdated": "2026-04-08T16:33:56.767Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:33:56.767Z"}, "affected": [{"vendor": "antwerpes", "product": "DocCheck Login", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to."}], "title": "DocCheck Login <= 1.1.5 - Unauthorized Post Access", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0739b5ec-b1c4-4451-97c1-f8d5ed26a2d5?source=cve"}, {"url": "https://wordpress.org/plugins/doccheck-login/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3332723%40doccheck-login&new=3332723%40doccheck-login&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-07-03T12:24:08.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-07T19:46:39.837468Z", "id": "CVE-2025-6786", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-08T17:39:53.416Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6786", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-07T19:46:39.837468Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-07T19:46:41.227Z"}}], "cna": {"title": "DocCheck Login <= 1.1.5 - Unauthorized Post Access", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "antwerpes", "product": "DocCheck Login", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.1.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-03T12:24:08.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0739b5ec-b1c4-4451-97c1-f8d5ed26a2d5?source=cve"}, {"url": "https://wordpress.org/plugins/doccheck-login/"}], "descriptions": [{"lang": "en", "value": "The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-07-04T01:43:59.455Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6786", "state": "PUBLISHED", "dateUpdated": "2025-07-08T17:39:53.416Z", "dateReserved": "2025-06-27T12:44:15.802Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-04T01:43:59.455Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to."}, {"lang": "es", "value": "El complemento DocCheck Login para WordPress es vulnerable al acceso no autorizado a publicaciones en todas las versiones hasta la 1.1.5 incluida. Esto se debe a que el complemento redirige al usuario para que inicie sesi\u00f3n en una publicaci\u00f3n protegida con contrase\u00f1a despu\u00e9s de que la p\u00e1gina se haya cargado. Esto permite que atacantes no autenticados lean publicaciones a las que no deber\u00edan tener acceso."}], "id": "CVE-2025-6786", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-04T03:15:23.237", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3332723%40doccheck-login&new=3332723%40doccheck-login&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/doccheck-login/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0739b5ec-b1c4-4451-97c1-f8d5ed26a2d5?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:44:44.703595+00:00", "value": {"mitigation_remediation": ["Upgrade the DocCheck Login plugin to version 1.1.6 or later.", "If an upgrade is not immediately possible, remove the plugin from the site to eliminate the untrusted code path. ", "If removal is impractical, limit exposure by disabling access to password\u2011protected posts until the patch can be applied."], "summary": {"action": "Patch", "impact": "Unauthorized reading of password\u2011protected posts"}, "threat_synthesis": {"affected_systems": "The vulnerability affects WordPress installations that use the antwerpes DocCheck Login plugin versions 1.1.5 and earlier. Current releases of the plugin (from 1.1.6 onwards) contain the fix.", "description_and_impact": "The DocCheck Login plugin contains a flaw that allows unauthenticated users to access posts that should be protected, resulting in disclosure of confidential content. The weakness is driven by improper access control (CWE\u2011284) where the plugin redirects a user to a login form after the protected page has loaded, enabling attackers to view the page before authentication can be enforced.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate impact; the EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the issue is not listed in the CISA KEV catalog. Attackers would need to request a password\u2011protected post from a site running the vulnerable plugin and, due to the redirect behavior, can view the post\u2019s content before being prompted for credentials. The flaw is exploitable without any user interaction beyond accessing the URL."}}}}, "created": "2025-07-13T21:47:36.270208+00:00", "updated": "2026-04-22T14:45:19.296318+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}