CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

May 29, 2025

CVE ID : CVE-2025-47288

Published : May 29, 2025, 8:15 p.m. | 1 hour, 18 minutes ago

Description : Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5325 – Zhilink ADP Application Developer Platform Template Engine Code Injection Vulnerability

Next Article CVE-2025-47933 – Argo CD Cross-Site Scripting (XSS)

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

How Red Hat just quietly, radically transformed enterprise server Linux

OpenAI wants ChatGPT to be your ‘super assistant’ – what that means

The best Linux VPNs of 2025: Expert tested and reviewed

One of my favorite gaming PCs is 60% off right now

`document.currentScript` is more useful than I thought.

`document.currentScript` is more useful than I thought.

Adobe Sensei and GenAI in Practice for Enterprise CMS

Over The Air Updates for React Native Apps

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

Microsoft says Copilot can use location to change Outlook’s UI on Android

TempoMail — Command Line Temporary Email in Linux

CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

Chrome Zero-Day Alert: CVE-2025-5419 Actively Exploited in the Wild

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted

Kadas Albireo is a mapping application based on QGIS

Enhancing Images with CSS Filters

Is there some software to document the results of functional software testing?

CVE-2024-48704 – Apache Phpgurukul Medical Card Generation System HTML Injection

Stakeholder Strategies for Designing Better UX

Google DeepMind Releases Penzai: A JAX Library for Building, Editing, and Visualizing Neural Networks

Google improves PWA icons on Chrome for Mac to match Apple’s style

Lessons from the Ticketmaster-Snowflake Breach

CVE-2025-47288 – Discourse Policy Plugin Group Policy Information Disclosure

Related Posts