CVE-2025-58866 LOW

CVE-2025-58866: WordPress Site Info Plugin <= 1.1 - Sensitive Data Exposure Vulnerability

Vendor Rami Yushuvaev
Product Site Info
Weakness CWE-497
Published September 5, 2025
Last update May 12, 2026

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through <= 1.1.

Explanation of Vulnerability in Simple Terms

02 Summary

Site Info versions 1.1 and earlier expose sensitive information to authenticated administrators. An admin with high privileges can read non-public site details through the application. The exposure is limited to confidentiality; no data modification or service disruption occurs. Update to a version newer than 1.1 when available.

What an attacker can do

03 Attacker Capabilities

Read sensitive site information if they have high-level admin access.

Potential impact on your site

04 Site Impact

Admins with elevated privileges can access information they shouldn't; risk is low if admin accounts are well-controlled.

Conditions required to exploit

05 Prerequisites

Attacker must be authenticated as a high-privilege administrator; no user interaction required.

Key dates

06 Disclosure timeline

September 5, 2025 CVE published
May 12, 2026 Record updated

Related vulnerabilities

08 Related CVE