Published: May 13, 2026 | Last Modified: May 13, 2026
The Broadstreet plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.53.1 via the get_sponsored_meta() AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected and private business details.
Exploitation Probability (EPSS): Low — 0.03% (8th percentile)
Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.
This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.