Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible REST endpoint requires only a subscriber account (PR:L); impact is limited to reading private post text fields with no integrity or availability consequence.
Primary rating from Vendor (Wordfence).
CVSS VectorVendor: Wordfence
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_post_translation. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the raw title, content, excerpt, and password of any private, draft, or password-protected post by triggering its duplication via the translation endpoint and reading the returned title.raw, content.raw, and excerpt.raw fields of the duplicated post. This vulnerability is exploitable against posts written in a non-default locale, as authenticated subscribers can request a translation into the site's default locale to pass the locale-only permission gate. While subscribers can trigger the endpoint, this is only impactful at the Contributor-level as they can actually read the duplicated content.
AnalysisAI
Sensitive information exposure in the Bogo WordPress plugin through version 3.9.1 allows authenticated users with subscriber-level access to extract the raw title, body content, excerpt, and password of any private, draft, or password-protected post by abusing the translation duplication endpoint. The REST API handler bogo_rest_create_post_translation enforced only a locale-access capability check, which all authenticated users can satisfy, and returned raw post field values in the API response without verifying whether the requestor had read or edit rights over the source content. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires an authenticated WordPress account at subscriber level or above - unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) accurately reflects network-reachable, low-complexity exploitation requiring only a subscriber account, with limited confidentiality impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker registers or obtains a subscriber-level WordPress account on the target site. They identify a post ID for a private or draft post authored in a non-default site locale (discoverable via enumeration or prior knowledge) and send a POST request to the Bogo REST translation endpoint specifying that post ID and the site's default locale as the target. … |
| Remediation | Update the Bogo plugin to the version containing the fix from GitHub PR #382 and WordPress plugin repository changeset 3574263. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37983
GHSA-4vf9-6whq-7g9v