Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
WordPress allows unauthorized access to posts
CVE-2025-47915
Summary
A flaw in WordPress allows an attacker to access and view posts that were previously rejected or marked as private. This could happen if an administrator hasn't properly configured the plugin that handles post visibility. To fix this, update WordPress and ensure the plugin is properly configured to control post visibility.
Original title
Rejected reason: reserved but not needed
Original description
Rejected reason: reserved but not needed
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026