Primary

Context

Broadstreet WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability allowing sensitive information exposure has been identified in the Broadstreet plugin for WordPress, affecting all versions through 1.53.1. The issue arises in the get_sponsored_meta() AJAX action, where authenticated attackers with subscriber-level access and above can access data from password-protected and private business details.

Impact

Exploitation of this vulnerability allows authenticated users to access sensitive business information that is meant to be private or protected by a password.

Remediation

Users can update to Broadstreet version 1.53.2 or a newer patched version to address this vulnerability.

Added: May 13, 2026, 4:56 PM

Updated: May 13, 2026, 4:56 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.9

remediation

0.0

relevance

8.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.9

remediation

0.0

relevance

8.2

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Broadstreet WordPress Plugin Sensitive Information Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Broadstreet

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating