CVE-2025-10645

Medium CVSS: 5.3

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data.

Vendor

Product

CWE

CWE-532

Yayın Tarihi

2025-10-07 09:15:32

Güncelleme

2025-10-08 19:38:32

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-532 MEDIUM 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3364169/ https://www.wordfence.com/threat-intel/vulnerabilities/id/86741f4a-8700-45dd-8998-b3f0387c27ed?source=cve