CVE-2025-55710 MEDIUM

CVE-2025-55710: WordPress TaxoPress Plugin <= 3.37.2 - Sensitive Data Exposure Vulnerability

Vendor: Steve Burge
Product: TaxoPress
Weakness: CWE-201
Published: August 14, 2025
Last update: April 28, 2026

CVSS base score

4.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Insertion of Sensitive Information Into Sent Data vulnerability in Steve Burge TaxoPress (simple-tags) allows Retrieve Embedded Sensitive Data. This issue affects TaxoPress versions up to and including 3.37.2.

Explanation of Vulnerability in Simple Terms

02 Summary

TaxoPress versions up to 3.37.2 expose sensitive information to authenticated users. A logged-in user with low privileges can read data they should not have access to. The vulnerability requires an active user account but no special interaction. Update to a version newer than 3.37.2 to resolve this issue.

What an attacker can do

03 Attacker Capabilities

Read sensitive information accessible only to higher-privilege users.

Potential impact on your site

04 Site Impact

Authenticated users can access confidential data beyond their permission level.

Conditions required to exploit

05 Prerequisites

Attacker must have a valid user account with low privileges on the site.

Key dates

06 Disclosure timeline

August 14, 2025: CVE published
April 28, 2026: Record updated