vulnerability
WordPress Plugin: jet-menu: CVE-2025-53987: Exposure of Sensitive Information to an Unauthorized Actor
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Jul 16, 2025 | Jul 23, 2025 | Apr 29, 2026 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Jul 16, 2025
Added
Jul 23, 2025
Modified
Apr 29, 2026
Description
The JetMenu plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.11.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data.
Solution
jet-menu-plugin-cve-2025-53987
References
- https://www.cve.org/CVERecord?id=CVE-2025-53987
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4680ff56-43b9-47d1-8e28-1f6ad9038417?source=api-prod
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-25318
- CVE-2025-53987
- https://attackerkb.com/topics/CVE-2025-53987
- CWE-201
- EUVD-EUVD-2025-25318
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.