VulnerAlert



WORDPRESS
16-12-2025 10:01

CVE-2025-13741 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#plugin
#data
#change
#attackers
#authenticated
#vulnerable
#attack
#access
#unauthorized
Descripción
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Categories plugin for WordPress is vulnerable to unauthorized access of data due a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it possible authenticated attackers, with Contributor-level above, retrieve emails users edit_posts capability.
https://plugins.trac.wordpress.org/browser/post-expirator/tags/4.9.1/src/Modules/Workflows/Rest/RestApiV1.php#L376
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f67da8c-da60-4c77-a8b8-7dfc027662e9?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-13741
Resultados similares
Coincidentes en almenos en 50% de los tags
16-12-2025 CVE-2025-11220
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'...
Ver información
16-12-2025 CVE-2025-14002
The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por