The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field during comment synchronization. This makes it possible for authenticated attackers, with author-level access and above, to exfiltrate sensitive Discourse API credentials to attacker-controlled servers, as well as query internal services and potentially perform further attacks.
PUBLISHED5.2CWE-200
WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure
Problem type
Affected products
scossar
WP Discourse
<= 2.5.9 - AFFECTED
References
wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1524f3-1c59-49a1-bbe3-94dcfd232b1d?source=cve
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L211
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L218
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/plugin-utilities.php#L486
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3384149%40wp-discourse&new=3384149%40wp-discourse&sfp_email=&sfph_mail=
GitHub Security Advisories
GHSA-95h8-w3mv-h4hq
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to...
https://github.com/advisories/GHSA-95h8-w3mv-h4hqThe WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field during comment synchronization. This makes it possible for authenticated attackers, with author-level access and above, to exfiltrate sensitive Discourse API credentials to attacker-controlled servers, as well as query internal services and potentially perform further attacks.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2025-11983
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L211
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L218
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/plugin-utilities.php#L486
plugins.trac.wordpress.org
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3384149%40wp-discourse&new=3384149%40wp-discourse&sfp_email=&sfph_mail=
wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1524f3-1c59-49a1-bbe3-94dcfd232b1d?source=cve
github.com
https://github.com/advisories/GHSA-95h8-w3mv-h4hq
JSON source
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-11983",
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"dateUpdated": "2025-11-01T05:40:23.063Z",
"dateReserved": "2025-10-20T18:28:48.760Z",
"datePublished": "2025-11-01T05:40:23.063Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence",
"dateUpdated": "2025-11-01T05:40:23.063Z"
},
"title": "WP Discourse <= 2.5.9 - Authenticated (Author+) Information Exposure",
"descriptions": [
{
"lang": "en",
"value": "The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. This is due to the plugin unconditionally sending Discourse API credentials (Api-Key and Api-Username headers) to any host specified in a post's discourse_permalink custom field during comment synchronization. This makes it possible for authenticated attackers, with author-level access and above, to exfiltrate sensitive Discourse API credentials to attacker-controlled servers, as well as query internal services and potentially perform further attacks."
}
],
"affected": [
{
"vendor": "scossar",
"product": "WP Discourse",
"defaultStatus": "unaffected",
"versions": [
{
"version": "*",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.5.9"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6b1524f3-1c59-49a1-bbe3-94dcfd232b1d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L211"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/discourse-comment.php#L218"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-discourse/tags/2.5.9/lib/plugin-utilities.php#L486"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3384149%40wp-discourse&new=3384149%40wp-discourse&sfp_email=&sfph_mail="
}
],
"metrics": [
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
}
}
],
"timeline": [
{
"time": "2025-10-31T16:59:07.000+00:00",
"lang": "en",
"value": "Disclosed"
}
],
"credits": [
{
"lang": "en",
"value": "Jonas Benjamin Friedli",
"type": "finder"
}
]
}
}
}