VulnerAlert



WORDPRESS
07-06-2025 02:20

CVE-2025-5814 Vulnerabilidad documentada

5.3 MEDIUM
Tags
#wordpress
#plugin
#data
#wp
#react
#attackers
#authenticated
#vulnerable
#attack
#access
#unauthorized
Descripción
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible unauthenticated attackers reactivate previously deactivated plugins after accessing "Profiler" page.
https://plugins.trac.wordpress.org/browser/profiler-what-slowing-down/trunk/actions.php#L31
https://www.wordfence.com/threat-intel/vulnerabilities/id/9213db60-c0c1-44a9-9b8c-621029c3a08f?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-5814
Resultados similares
Coincidentes en almenos en 50% de los tags
07-06-2025 CVE-2025-5568
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pa...
Ver información
07-06-2025 CVE-2025-5528
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflecte...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por