Description
Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0.
Published: 2026-01-05
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Patch ASAP
AI Analysis

Impact

WordPress plugin Brecht Custom Related Posts allows an attacker to retrieve sensitive data embedded in sent responses due to improper filtering of hidden fields. This flaw is a Sensitive Data Exposure vulnerability (CWE‑201) and can give attackers access to confidential information that should not be exposed to untrusted users.

Affected Systems

Brecht Custom Related Posts plugin versions 1.8.0 and earlier are affected. The issue applies to any installation of the plugin up through and including version 1.8.0 on WordPress sites.

Risk and Exploitability

The CVSS score of 7.5 indicates a high impact on confidentiality, while the EPSS score of less than 1 % suggests a low probability of exploitation at this time. The vulnerability is not listed in CISA's KEV catalog. Based on the description, it is inferred that an attacker can trigger the flaw by sending crafted requests to the plugin's endpoint or by accessing pages that include the plugin's output. The exploit requires no special privileges beyond access to the vulnerable WordPress instance.

Generated by OpenCVE AI on April 28, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Brecht Custom Related Posts plugin to the latest version (≥ 1.8.1) available from the official repository.
  • If an upgrade cannot be performed immediately, deactivate the plugin to prevent further exposure.
  • Review and restrict any configuration options that expose hidden fields or sensitive data to unauthenticated users.

Generated by OpenCVE AI on April 28, 2026 at 22:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through 1.8.0. Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts custom-related-posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through <= 1.8.0.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Tue, 06 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 06 Jan 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Brechtvds
Brechtvds custom Related Posts
Wordpress
Wordpress wordpress
Vendors & Products Brechtvds
Brechtvds custom Related Posts
Wordpress
Wordpress wordpress

Mon, 05 Jan 2026 11:00:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in Brecht Custom Related Posts allows Retrieve Embedded Sensitive Data.This issue affects Custom Related Posts: from n/a through 1.8.0.
Title WordPress Custom Related Posts plugin <= 1.8.0 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

Brechtvds Custom Related Posts
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:27.019Z

Reserved: 2025-12-15T10:01:03.746Z

Link: CVE-2025-68033

cve-icon Vulnrichment

Updated: 2026-01-06T18:14:22.408Z

cve-icon NVD

Status : Deferred

Published: 2026-01-05T11:17:41.680

Modified: 2026-04-23T15:35:51.433

Link: CVE-2025-68033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T22:45:25Z

Weaknesses