Skip to content
Medium Published: Dec 16, 2025 Modified: Dec 16, 2025

CVE-2025-13741

4.3 CVSS Score Medium
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Export CVE-2025-13741 Data:
Share:
Link copied!

Description

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to retrieve emails for all users with edit_posts capability.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Weaknesses (CWE)

  • CWE-862

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2005-3623 CVSS 0 Same weakness: CWE-862 CVE-2006-4483 CVSS 0 Same weakness: CWE-862 CVE-2008-6548 CVSS 0 Same weakness: CWE-862 CVE-2009-2282 CVSS 0 Same weakness: CWE-862 CVE-2009-3168 CVSS 7.2 Same weakness: CWE-862

CVE History Timeline

Dec 16, 2025 12:15 New CVE Received
← Back to CVE Tracker