{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:01:52.555","vulnerabilities":[{"cve":{"id":"CVE-2025-54352","sourceIdentifier":"cve@mitre.org","published":"2025-07-21T05:15:38.750","lastModified":"2025-07-22T13:06:07.260","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior."},{"lang":"es","value":"WordPress 3.5 a 6.8.2 permite a atacantes remotos adivinar los títulos de publicaciones privadas y borradores mediante solicitudes XML-RPC pingback.ping. NOTA: El proveedor no está modificando este comportamiento."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-669"}]}],"references":[{"url":"https:\/\/www.imperva.com\/blog\/beware-a-threat-actor-could-steal-the-titles-of-your-private-and-draft-wordpress-posts\/","source":"cve@mitre.org"}]}}]}