VulnerAlert



DATABASE
WORDPRESS
18-12-2025 10:38

CVE-2025-14364 Documented vulnerability

No score
Tags
#wordpress
#site
#plugin
#data
#wp
#reset
#admin
#database
#attackers
#authenticated
#vulnerable
#privilege escalation
#privilege
#attack
#access
#unauthorized
Description
The Demo Importer Plus plugin for WordPress is vulnerable to unauthorized modification of data, loss of data, and privilege escalation due to a missing capability check on the Ajax::handle_request() function in all versions up to, and including, 2.0.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger a full site reset, dropping all database tables except users/usermeta and re-running wp_install(), which also assigns the Administrator role to the attacking subscriber account.
https://plugins.trac.wordpress.org/changeset/3420645/demo-importer-plus/trunk/inc/Ajax.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/ff9364a9-18f8-47d3-b992-e39c8d99d6ea?source=cve

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-14364
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023