CVE-2025-6786 MEDIUM

CVE-2025-6786: DocCheck Login <= 1.1.5 - Unauthorized Post Access

Vendor Antwerpes
Product DocCheck Login
Weakness CWE-284
Published July 4, 2025
Last update April 8, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.

Explanation of Vulnerability in Simple Terms

02Summary

DocCheck Login versions up to 1.1.5 contain an access control flaw that allows unauthenticated attackers to read limited sensitive information over the network. The vulnerability requires no user interaction and no special configuration. An attacker can retrieve data without authentication, though the impact is restricted to confidentiality.

What an attacker can do

03Attacker Capabilities

Read limited sensitive information without logging in.

Potential impact on your site

04Site Impact

Sensitive data may be exposed to unauthenticated visitors if DocCheck Login is deployed.

Conditions required to exploit

05Prerequisites

Network access to the affected DocCheck Login instance; no authentication required.

Key dates

06Disclosure timeline

July 4, 2025 CVE published
April 8, 2026 Record updated