Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data.This issue affects Spotlight Social Media Feeds: from n/a through <= 1.7.1.
Published: 2025-02-17
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an unauthorized user to obtain embedded sensitive data stored by the Spotlight Social Media Feeds plugin. Because the plugin exposes system information through web‑accessible functions, any visitor can potentially retrieve confidential content, resulting in a breach of data confidentiality.

Affected Systems

WordPress sites utilizing RebelCode Spotlight Social Media Feeds plugin version 1.7.1 or earlier are affected. All earlier releases of the plugin share the same exposure.

Risk and Exploitability

The CVSS score of 5.3 denotes a moderate threat, while the EPSS score of < 1 % indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this weakness via the website’s public interface, typically by sending crafted requests to the plugin’s endpoints to trigger the disclosure of sensitive data.

Generated by OpenCVE AI on May 1, 2026 at 16:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Spotlight Social Media Feeds to version 1.7.2 or later.
  • If the social media feed feature is unnecessary, disable or remove the plugin entirely from the WordPress installation.
  • Review and clean any sensitive content that may have been unintentionally exposed by the plugin, and configure the plugin settings to limit data exposure in future use.

Generated by OpenCVE AI on May 1, 2026 at 16:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-4872 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1. Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds spotlight-social-photo-feeds allows Retrieve Embedded Sensitive Data.This issue affects Spotlight Social Media Feeds: from n/a through <= 1.7.1.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 16 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00056}

 epss

{'score': 0.0004}

Tue, 18 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 17 Feb 2025 11:45:00 +0000

Type Values Removed Values Added
Description Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in RebelCode Spotlight Social Media Feeds allows Retrieve Embedded Sensitive Data. This issue affects Spotlight Social Media Feeds: from n/a through 1.7.1.
Title WordPress Spotlight Social Feeds plugin <= 1.7.1 - Sensitive Data Exposure vulnerability
Weaknesses CWE-497
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:40.056Z

Reserved: 2025-02-14T06:53:23.368Z

Link: CVE-2025-26758

cve-icon Vulnrichment

Updated: 2025-02-18T15:44:47.478Z

cve-icon NVD

Status : Deferred

Published: 2025-02-17T12:15:28.407

Modified: 2026-04-23T15:25:55.813

Link: CVE-2025-26758

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T16:15:20Z

Weaknesses
  • CWE-497

    Exposure of Sensitive System Information to an Unauthorized Control Sphere