cleantalk
Vulnerabilities and Security Researches

Broadstreet, CVE-2025-9987

CVE, Research URL

CVE-2025-9987

Home page URL

Security reports for Broadstreet

Application

Broadstreet

Published on
May 13, 2026
Research Description
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details.
Affected versions
max 1.53.2.
Status
vulnerable
Previous vulnerability researches
WordPress Directory Plugin For Business Listings – WP Local Plus (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 06, 2024
New vulnerability
WP Google Street View (with 360° virtual tour) & Google maps + Local SEO (CVE-2023-33999) , Jun 14, 2026
Elegant Calendar Lite – WordPress Events Calendar Plugin (CVE-2023-33999) , Jun 14, 2026
WooCommerce Attribute Stock – Shared Stock & Quantity Multipliers (Lite Version) (CVE-2023-33999) , Jun 14, 2026
Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss (CVE-2023-33999) , Jun 14, 2026
Stripe Express (CVE-2023-33999) , Jun 14, 2026