CVE-2025-14437

High CVSS: 7.5

The Hummingbird Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.18.0 via the 'request' function. This makes it possible for unauthenticated attackers to extract sensitive data including Cloudflare API credentials.

Vendor

Product

CWE

CWE-532

Yayın Tarihi

2025-12-18 13:15:47

Güncelleme

2025-12-18 15:07:18

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-532 HIGH 2025

Referanslar

https://plugins.trac.wordpress.org/changeset/3421187/hummingbird-performance https://www.wordfence.com/threat-intel/vulnerabilities/id/8755ab3f-ee77-44ea-8620-590f1f1cb333?source=cve