CVE-2025-6786: 
WordPress vulnerability analysis and mitigation

The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in versions up to and including 1.1.5. This vulnerability was discovered and disclosed on July 3, 2025, and has been assigned CVE-2025-6786. The plugin has been temporarily closed since July 1, 2025, pending a full security review (NVD, WordPress Plugin).

The vulnerability stems from a design flaw where the plugin redirects users to login on a password-protected post after the page has already loaded. This implementation error allows unauthenticated attackers to read posts they should not have access to. The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network accessibility with low attack complexity and no privileges required (NVD).

The vulnerability allows unauthorized users to access password-protected posts, compromising the confidentiality of protected content. This poses a significant risk for websites that rely on the plugin to restrict access to sensitive or private information (NVD).

As of July 1, 2025, the plugin has been temporarily closed and is not available for download pending a full security review. Users are advised to disable and remove the plugin until a patched version becomes available (WordPress Plugin).