All the vulnerabilites related to sizam - REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme
cve-2025-7368
Vulnerability from cvelistv5
Published
2025-09-06 01:45
Modified
2025-09-08 14:05
Severity ?
EPSS score ?
Summary
Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T13:58:13.024303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:05:52.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme",
"vendor": "sizam",
"versions": [
{
"lessThanOrEqual": "19.9.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the \u0027ajax_action_re_getfullcontent\u0027 function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T01:45:17.560Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f24313e-c246-44f8-b144-d95c55e71456?source=cve"
},
{
"url": "https://themeforest.net/item/rehub-directory-multi-vendor-shop-coupon-affiliate-theme/7646339#item-description__19-9-8-15-augl-2025"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T17:24:25.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-05T13:04:32.000+00:00",
"value": "Disclosed"
}
],
"title": "Rehub \u003c= 19.9.7 - Unauthenticated Password Protected Post Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7368",
"datePublished": "2025-09-06T01:45:17.560Z",
"dateReserved": "2025-07-08T19:16:31.343Z",
"dateUpdated": "2025-09-08T14:05:52.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2025-7366
Vulnerability from cvelistv5
Published
2025-09-06 01:45
Modified
2025-09-08 14:05
Severity ?
EPSS score ?
Summary
Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T13:58:20.995274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:05:58.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme",
"vendor": "sizam",
"versions": [
{
"lessThanOrEqual": "19.9.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T01:45:16.846Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f726479-c170-4e84-a5a7-2a82d0f62ad0?source=cve"
},
{
"url": "https://themeforest.net/item/rehub-directory-multi-vendor-shop-coupon-affiliate-theme/7646339#item-description__19-9-8-15-augl-2025"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T17:24:25.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-05T13:04:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Rehub \u003c= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7366",
"datePublished": "2025-09-06T01:45:16.846Z",
"dateReserved": "2025-07-08T18:39:03.086Z",
"dateUpdated": "2025-09-08T14:05:58.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}