CVE-2025-23486 – WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability

https://notcve.org/view.php?id=CVE-2025-23486

16 Jan 2025 — Missing Authorization vulnerability in NotFound Database Sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Database Sync: from n/a through 0.5.1. The Database Sync plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/wordpress/plugin/database-sync/vulnerability/wordpress-database-sync-plugin-0-5-1-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-862: Missing Authorization •