vulnerability

WordPress Plugin: doccheck-login: CVE-2025-6786: Improper Access Control

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Jul 3, 2025	Jul 28, 2025	Jul 28, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Jul 3, 2025

Added

Jul 28, 2025

Modified

Jul 28, 2025

Description

The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.

Solution

doccheck-login-plugin-cve-2025-6786

References

URL-https://www.cve.org/CVERecord?id=CVE-2025-6786
URL-https://www.wordfence.com/threat-intel/vulnerabilities/id/0739b5ec-b1c4-4451-97c1-f8d5ed26a2d5?source=api-prod
CVE-2025-6786
https://attackerkb.com/topics/CVE-2025-6786
CWE-284

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today