VulnTitan

VulnTitan

The WordPress Vulnerability Index

DocCheck Login <= 1.1.5 - Unauthorized Post Access

plugin
Medium
5.3
Improper Access Control
CVE CVE-2025-6786
CVSS 5.3 (Medium)
Publicly Published Jul 03, 2025
Last Updated Jul 04, 2025
Researchers Jonas Benjamin Friedli

Description

The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.

References

Share

Vulnerability Details

Software Type plugin
Software Slug doccheck-login (view on wordpress.org)
Patched No
Remediation No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Affected Versions
  • * - 1.1.5

This record contains material that is subject to copyright

Copyright 2012-2025 Defiant Inc.

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more.


Copyright 1999-2025 The MITRE Corporation

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more.