UBUNTU-CVE-2025-58246
- Source
- https://ubuntu.com/security/CVE-2025-58246
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-58246.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2025-58246
- Upstream
- Published
- 2025-09-23T18:15:00Z
- Modified
- 2026-05-20T16:23:37.674314822Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Insertion of Sensitive Information Into Sent Data vulnerability in WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is already working on a fix. This is a low-severity vulnerability. Contributor-level privileges required in order to exploit it. This issue affects WordPress: from 6.8 through 6.8.2, from 6.7 through 6.7.3, from 6.6 through 6.6.3, from 6.5 through 6.5.6, from 6.4 through 6.4.6, from 6.3 through 6.3.6, from 6.2 through 6.2.7, from 6.1 through 6.1.8, from 6.0 through 6.0.10, from 5.9 through 5.9.11, from 5.8 through 5.8.11, from 5.7 through 5.7.13, from 5.6 through 5.6.15, from 5.5 through 5.5.16, from 5.4 through 5.4.17, from 5.3 through 5.3.19, from 5.2 through 5.2.22, from 5.1 through 5.1.20, from 5.0 through 5.0.23, from 4.9 through 4.9.27, from 4.8 through 4.8.26, from 4.7 through 4.7.30.
- References
Affected packages
Ubuntu:16.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.3+dfsg-1
4.3.1+dfsg-1
4.4+dfsg-1
4.4.1+dfsg-1
4.4.2+dfsg-1
4.4.2+dfsg-1ubuntu1
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentyfifteen",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentyfourteen",
"binary_version": "4.4.2+dfsg-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentysixteen",
"binary_version": "4.4.2+dfsg-1ubuntu1"
}
]
}Ubuntu:18.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
4.*
4.8.2+dfsg-2
4.8.3+dfsg-1
4.9.1+dfsg-1
4.9.2+dfsg-1
4.9.4+dfsg-1
4.9.5+dfsg1-1
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-theme-twentyfifteen",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-theme-twentyseventeen",
"binary_version": "4.9.5+dfsg1-1"
},
{
"binary_name": "wordpress-theme-twentysixteen",
"binary_version": "4.9.5+dfsg1-1"
}
]
}Ubuntu:20.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentynineteen",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentyseventeen",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentysixteen",
"binary_version": "5.3.2+dfsg1-1ubuntu1"
}
]
}Ubuntu:22.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
5.*
5.7.1+dfsg1-2ubuntu1
5.8.1+dfsg1-2ubuntu1
5.8.2+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1
5.8.3+dfsg1-1ubuntu1.1
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-theme-twentynineteen",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-theme-twentytwenty",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
},
{
"binary_name": "wordpress-theme-twentytwentyone",
"binary_version": "5.8.3+dfsg1-1ubuntu1.1"
}
]
}Ubuntu:24.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentyfour",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentythree",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentytwo",
"binary_version": "6.4.3+dfsg1-1ubuntu1"
}
]
}Ubuntu:25.10
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentyfive",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentyfour",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
},
{
"binary_name": "wordpress-theme-twentytwentythree",
"binary_version": "6.7.2+dfsg1-1.1ubuntu1"
}
]
}Ubuntu:26.04:LTS
wordpress
Package
- Name
- wordpress
- Purl
- pkg:deb/ubuntu/wordpress?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "wordpress",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-l10n",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-theme-twentytwentyfive",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-theme-twentytwentyfour",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
},
{
"binary_name": "wordpress-theme-twentytwentythree",
"binary_version": "6.7.2+dfsg1-1.1ubuntu2"
}
]
}