DocCheck Login <= 1.1.5 - Unauthorized Post Access

CVE	CVE-2025-6786
State	PUBLISHED
Assigner	Wordfence
Source Priority	CVE Program / NVD first with legacy fallback
Published	2025-07-04 03:15:23 UTC
Updated	2026-04-08 17:20:55 UTC
Description	The DocCheck Login plugin for WordPress is vulnerable to unauthorized post access in all versions up to, and including, 1.1.5. This is due to plugin redirecting a user to login on a password protected post after the page has loaded. This makes it possible for unauthenticated attackers to read posts they should not have access to.

Primary CVSS: v3.1 5.3 MEDIUM from [email protected]

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Problem Types: CWE-284 | CWE-284 CWE-284 Improper Access Control

Version	Source	Type	Score	Severity	Vector
3.1	[email protected]	Secondary	5.3	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
3.1	CNA	DECLARED	5.3	MEDIUM	`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Source	Vendor	Product	Version	Platforms
CNA	Antwerpes	DocCheck Login	affected 1.1.5 semver	Not specified

Reference	Source	Link	Tags
www.wordfence.com/threat-intel/vulnerabilities/id/0739b5ec-b1c4-4451-97c1-f8d5e...	[email protected]	www.wordfence.com
plugins.trac.wordpress.org/changeset	[email protected]	plugins.trac.wordpress.org
wordpress.org/plugins/doccheck-login	[email protected]	wordpress.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: Jonas Benjamin Friedli (en)

Source	Time	Event
CNA	2025-07-03T12:24:08.000Z	Disclosed

There are currently no legacy QID mappings associated with this CVE.