CVE-2025-54008: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2025-54008 affects JetSmartFilters WordPress plugin versions 3.6.7 and below. This security issue was discovered by researcher stealthcopter and publicly disclosed on July 16, 2025. The vulnerability is classified as a Sensitive Information Exposure issue that affects authenticated users with Subscriber level privileges or higher (Wordfence Intel, Patchstack Database).

The vulnerability has received a CVSS score of 5.3 (Medium) according to Wordfence, while Patchstack rates it at 6.5 (Low). It falls under the OWASP Top 10 category of A1: Broken Access Control. The issue allows authenticated users with Subscriber privileges to access sensitive information that should normally be restricted (Patchstack Database).

This vulnerability could enable malicious actors with authenticated access to view sensitive information that is normally not accessible to regular users. This exposed information could potentially be leveraged to exploit other weaknesses in the system (Patchstack Database).

The vulnerability has been patched in version 3.6.7.1 of the JetSmartFilters plugin. Site administrators are advised to update to version 3.6.7.1 or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack Database).