Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details.
AnalysisAI
The Broadstreet WordPress plugin versions up to 1.53.1 exposes sensitive business information through an unauthenticated AJAX endpoint (get_sponsored_meta), allowing attackers to extract password-protected and private business details. Despite the CVSS vector indicating PR:N, the vulnerability requires subscriber-level or higher WordPress access, making authenticated users the primary attack vector. The exposure is limited to confidentiality impact with no integrity or availability compromise.
Technical ContextAI
The vulnerability exists in the get_sponsored_meta() AJAX action handler within the Broadstreet plugin, which is a WordPress advertising and sponsorship management plugin (CPE: cpe:2.3:a:broadstreetads:broadstreet). The root cause is CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor), indicating insufficient access controls on data retrieval functions. AJAX endpoints in WordPress are callable by authenticated users if the nonce validation is absent or bypassed; in this case, the endpoint fails to properly restrict access to sensitive business metadata, allowing subscribers and above to query information that should only be accessible to administrators or the business owner.
RemediationAI
Update the Broadstreet plugin immediately to the version released after 1.53.1 (verify the exact version via the WordPress plugin repository changeset 3524817 or Wordfence advisory). The patch addresses the AJAX endpoint access control by implementing proper privilege checks in the get_sponsored_meta() function. Until patching is possible, site administrators should restrict subscriber-level user accounts to trusted individuals only and review user access logs for suspicious AJAX requests to get_sponsored_meta. Consider implementing WordPress security plugins that monitor AJAX endpoint access or manually disable the plugin if sensitive business data is critical - the trade-off is loss of sponsorship/advertising functionality until the patch is applied.
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman
The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all
The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulner
The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint
The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via
The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based
SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote a
The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress i
The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' paramete
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209818