CVE-2026-25023
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7.
AnalysisAI
The ContestsWP plugin versions 2.0.7 and earlier expose sensitive embedded data through improper access controls, allowing unauthenticated attackers to retrieve information from the contest-code-checker component. This low-impact information disclosure affects WordPress sites running vulnerable versions of the Run Contests, Raffles, and Giveaways plugin. No patch is currently available to remediate this exposure.
Technical ContextAI
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsWP contest-code-checker allows Retrieve Embedded Sensitive Data.This issue affects Run Contests, Raffles, and Giveaways with ContestsWP: from n/a through <= 2.0.7.
Affected ProductsAI
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in mdedev Run Contests, Raffles, and Giveaways with ContestsW
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today