CVE-2025-6745: 
WordPress vulnerability analysis and mitigation

The WoodMart plugin for WordPress (CVE-2025-6745) contains an Information Exposure vulnerability affecting all versions up to and including 8.2.5. The vulnerability was disclosed on July 11, 2025, and is related to insufficient restrictions in the woodmartgetpostsbyquery() function. This security issue affects the WoodMart WooCommerce WordPress theme and its associated plugin functionality (NVD Database).

The vulnerability stems from insufficient restrictions on which posts can be included through the woodmartgetpostsbyquery() function. The issue has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD Database).

The vulnerability allows unauthenticated attackers to extract data from password-protected, private, or draft posts that should be restricted. This unauthorized access to sensitive content could potentially expose confidential information meant to be private (NVD Database).