CVE-2025-13660 | rcatheme Guest Support Plugin up to 1.2.3 on WordPress AJAX Endpoint guest_support_handler Request information disclosure

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability marked as problematic has been reported in rcatheme Guest Support Plugin up to 1.2.3 on WordPress. This affects the function guest_support_handler of the component AJAX Endpoint. This manipulation of the argument Request with the input get_users causes information disclosure.

This vulnerability is handled as CVE-2025-13660. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-13660 | rcatheme Guest Support Plugin up to 1.2.3 on WordPress AJAX Endpoint guest_support_handler Request information disclosure

Post correlati

CVE-2024-10022 | code-projects Pharmacy Management System 1.0 manage_supplier.php?action=search text sql injection

CVE-2024-22212 | NextCloud Global Site Selector up to 1.4.0/2.1.1/2.3.3/2.4.4 authentication bypass (GHSA-vj5q-f63m-wp77)

CVE-2024-44540 | Ubiquiti AirMax 8 UART Debugging Port privileges management

CVE-2025-21105 | Dell RecoverPoint for VMs 6.0 SP1/6.0 SP1 P1/6.0 SP1 P2 Configuration access control (dsa-2025-101)