CVE-2025-7368 MEDIUM

CVE-2025-7368: Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure

Vendor Sizam
Product REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme
Weakness CWE-200 · Info exposure
Published September 6, 2025
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_getfullcontent' function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to.

Key dates

02Disclosure timeline

September 6, 2025 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-23743 Discourse allows permalinks to restricted resources to leak resource slugs to unauthorized users CVE-2024-2080 LiquidPoll – Polls, Surveys, NPS and Feedback Reviews <= 3.3.76 - Information Exposure CVE-2023-51406 WordPress FastDup Plugin <= 2.1.7 is vulnerable to Sensitive Data Exposure CVE-2026-33627 Parse Server: Auth data exposed via /users/me endpoint CVE-2024-8483 MAS Static Content <= 1.0.8 - Authenticated (Contributor+) Private Static Content Page Disclosure