4 vulnerabilities found for REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme by sizam
CVE-2025-7368 (GCVE-0-2025-7368)
Vulnerability from cvelistv5 – Published: 2025-09-06 01:45 – Updated: 2025-09-08 14:05
Title
Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure
Summary
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_getfullcontent' function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sizam | REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme | Affected: * , ≤ 19.9.7 (semver) |
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T13:58:13.024303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:05:52.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme",
"vendor": "sizam",
"versions": [
{
"lessThanOrEqual": "19.9.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the \u0027ajax_action_re_getfullcontent\u0027 function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T01:45:17.560Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f24313e-c246-44f8-b144-d95c55e71456?source=cve"
},
{
"url": "https://themeforest.net/item/rehub-directory-multi-vendor-shop-coupon-affiliate-theme/7646339#item-description__19-9-8-15-augl-2025"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T17:24:25.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-05T13:04:32.000+00:00",
"value": "Disclosed"
}
],
"title": "Rehub \u003c= 19.9.7 - Unauthenticated Password Protected Post Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7368",
"datePublished": "2025-09-06T01:45:17.560Z",
"dateReserved": "2025-07-08T19:16:31.343Z",
"dateUpdated": "2025-09-08T14:05:52.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7366 (GCVE-0-2025-7366)
Vulnerability from cvelistv5 – Published: 2025-09-06 01:45 – Updated: 2025-09-08 14:05
Title
Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost
Summary
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity ?
7.3 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sizam | REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme | Affected: * , ≤ 19.9.7 (semver) |
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T13:58:20.995274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:05:58.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme",
"vendor": "sizam",
"versions": [
{
"lessThanOrEqual": "19.9.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T01:45:16.846Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f726479-c170-4e84-a5a7-2a82d0f62ad0?source=cve"
},
{
"url": "https://themeforest.net/item/rehub-directory-multi-vendor-shop-coupon-affiliate-theme/7646339#item-description__19-9-8-15-augl-2025"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T17:24:25.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-05T13:04:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Rehub \u003c= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7366",
"datePublished": "2025-09-06T01:45:16.846Z",
"dateReserved": "2025-07-08T18:39:03.086Z",
"dateUpdated": "2025-09-08T14:05:58.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7368 (GCVE-0-2025-7368)
Vulnerability from nvd – Published: 2025-09-06 01:45 – Updated: 2025-09-08 14:05
Title
Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure
Summary
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_getfullcontent' function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sizam | REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme | Affected: * , ≤ 19.9.7 (semver) |
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7368",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T13:58:13.024303Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:05:52.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme",
"vendor": "sizam",
"versions": [
{
"lessThanOrEqual": "19.9.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the \u0027ajax_action_re_getfullcontent\u0027 function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T01:45:17.560Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f24313e-c246-44f8-b144-d95c55e71456?source=cve"
},
{
"url": "https://themeforest.net/item/rehub-directory-multi-vendor-shop-coupon-affiliate-theme/7646339#item-description__19-9-8-15-augl-2025"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T17:24:25.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-05T13:04:32.000+00:00",
"value": "Disclosed"
}
],
"title": "Rehub \u003c= 19.9.7 - Unauthenticated Password Protected Post Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7368",
"datePublished": "2025-09-06T01:45:17.560Z",
"dateReserved": "2025-07-08T19:16:31.343Z",
"dateUpdated": "2025-09-08T14:05:52.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7366 (GCVE-0-2025-7366)
Vulnerability from nvd – Published: 2025-09-06 01:45 – Updated: 2025-09-08 14:05
Title
Rehub <= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost
Summary
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Severity ?
7.3 (High)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| sizam | REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme | Affected: * , ≤ 19.9.7 (semver) |
Credits
Matthew Rollings
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7366",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-08T13:58:20.995274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T14:05:58.454Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme",
"vendor": "sizam",
"versions": [
{
"lessThanOrEqual": "19.9.7",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Matthew Rollings"
}
],
"descriptions": [
{
"lang": "en",
"value": "The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-06T01:45:16.846Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4f726479-c170-4e84-a5a7-2a82d0f62ad0?source=cve"
},
{
"url": "https://themeforest.net/item/rehub-directory-multi-vendor-shop-coupon-affiliate-theme/7646339#item-description__19-9-8-15-augl-2025"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-22T17:24:25.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-05T13:04:49.000+00:00",
"value": "Disclosed"
}
],
"title": "Rehub \u003c= 19.9.7 - Unauthenticated Arbitrary Shortcode Execution via re_filterpost"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-7366",
"datePublished": "2025-09-06T01:45:16.846Z",
"dateReserved": "2025-07-08T18:39:03.086Z",
"dateUpdated": "2025-09-08T14:05:58.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}