What is the CVSS score of EUVD-2025-19963?

EUVD-2025-19963 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.1%.

Which versions of Private Post Share are affected by EUVD-2025-19963?

Sharable Password Protected Posts plugin contains a high-severity authentication bypass vulnerability (CVE-2025-5920) affecting versions before 1.1.1 that could allow unauthorized access to…. A patch is available.

Is there a public PoC exploit available for EUVD-2025-19963?

Yes, a public proof-of-concept exploit is available for EUVD-2025-19963. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-19963?

Within 24 hours: inventory all WordPress installations using Sharable Password Protected Posts and identify current versions. Within 7 days: update all affected installations to version 1.1.1 or later. Within 30 days: conduct audit of password-protected posts created during vulnerability exposure window to assess potential unauthorized access.

Private Post Share EUVD-2025-19963

| CVE-2025-5920 HIGH

2025-07-04 contact@wpscan.com

Information Disclosure Private Post Share

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:35 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.1.1

EUVD ID Assigned

Mar 16, 2026 - 02:42 euvd

EUVD-2025-19963

Analysis Generated

Mar 16, 2026 - 02:42 vuln.today

PoC Detected

Jan 13, 2026 - 21:49 vuln.today

Public exploit code

CVE Published

Jul 04, 2025 - 10:15 nvd

HIGH 7.5

DescriptionCVE.org

The Sharable Password Protected Posts before version 1.1.1 allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API.

AnalysisAI

A security vulnerability in Sharable Password Protected Posts before version 1.1.1 (CVSS 7.5) that allows access. Risk factors: public PoC available.

Technical ContextAI

Vulnerability type not specified by vendor. CVSS 7.5 indicates high severity. Affects Sharable Password Protected Posts before version 1.1.1.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-19963 vulnerability details – vuln.today

Back

Private Post Share EUVD-2025-19963

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code