CVE-2025-32251: 
WordPress vulnerability analysis and mitigation

A sensitive data exposure vulnerability was identified in J. Tyler Wiest's Jetpack Feedback Exporter WordPress plugin, affecting versions through 1.23. The vulnerability was discovered by researcher Mika and was assigned CVE-2025-32251 on April 4, 2025. This security flaw allows unauthorized access to sensitive system information (Patchstack).

The vulnerability has been classified as an Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497). It received a CVSS v3.1 score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (Patchstack).

The vulnerability allows malicious actors to view sensitive information that is normally not accessible to regular users. This exposed data could potentially be leveraged to exploit other weaknesses in the system (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for this security issue. The vulnerability affects versions up to and including 1.23 of the Jetpack Feedback Exporter plugin (Patchstack).