Refine your search
7 vulnerabilities found for by smub
CVE-2025-12847 (GCVE-0-2025-12847)
Vulnerability from cvelistv5
Published
2025-11-15 05:45
Modified
2025-11-15 05:45
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic |
Version: * ≤ 4.8.9 |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings \u0026 Increase Traffic",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "4.8.9",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings \u0026 Increase Traffic plugin for WordPress is vulnerable to unauthorized arbitrary media attachment deletion due to a missing authorization check in all versions up to, and including, 4.8.9. This is due to the REST API endpoint `/wp-json/aioseo/v1/ai/image-generator` only verifying that users have the `edit_posts` capability (Contributors and above) without checking if they own or have permission to delete the specific media attachments. This makes it possible for authenticated attackers, with Contributor-level access and above, to permanently delete arbitrary media attachments by ID via the REST API, granted they can determine valid attachment IDs."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-15T05:45:32.963Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05abc09f-903b-45a9-8cde-1bf8fd5d7d44?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.8.9/app/Common/Api/Api.php#L192"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.8.9/app/Common/Api/Ai.php#L542"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.8.9/app/Common/Ai/Image.php#L192"
},
{
"url": "https://plugins.trac.wordpress.org/browser/all-in-one-seo-pack/tags/4.8.9/app/Common/Utils/Access.php#L184"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3393820%40all-in-one-seo-pack\u0026old=3384131%40all-in-one-seo-pack\u0026sfp_email=\u0026sfph_mail=#file1387"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T21:20:07.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-14T16:58:45.000+00:00",
"value": "Disclosed"
}
],
"title": "All in One SEO \u2013 Powerful SEO Plugin to Boost SEO Rankings \u0026 Increase Traffic \u003c= 4.8.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Media Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12847",
"datePublished": "2025-11-15T05:45:32.963Z",
"dateReserved": "2025-11-06T21:04:39.818Z",
"dateUpdated": "2025-11-15T05:45:32.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12377 (GCVE-0-2025-12377)
Vulnerability from cvelistv5
Published
2025-11-13 11:29
Modified
2025-11-13 14:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0.
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | Gallery Plugin for WordPress – Envira Photo Gallery |
Version: * ≤ 1.12.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12377",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T14:45:34.056093Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T14:46:20.368Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.12.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dmitrii Ignatyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery Plugin for WordPress \u2013 Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.12.0. This makes it possible for authenticated attackers, with Author-level access and above, to perform multiple actions, such as removing images from arbitrary galleries. The vulnerability was partially patched in version 1.12.0."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T11:29:03.241Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69a0d985-cc85-45ba-889d-1ed30d06f9ce?source=cve"
},
{
"url": "https://drive.google.com/file/d/1AgsJeff1x4pQAFVGmoSwwU75iiH4-H_p/view?usp=sharing"
},
{
"url": "https://plugins.trac.wordpress.org/browser/envira-gallery-lite/trunk/includes/admin/ajax.php"
},
{
"url": "https://research.cleantalk.org/cve-2025-12377/"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3387243/envira-gallery-lite/trunk/includes/admin/ajax.php?old=3133202\u0026old_path=envira-gallery-lite%2Ftrunk%2Fincludes%2Fadmin%2Fajax.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3394455%40envira-gallery-lite\u0026old=3387243%40envira-gallery-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-28T00:28:47.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-12T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery \u003c= 1.12.0 - Missing Authorization to Authenticated (Author+) Multiple Gallery Actions"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12377",
"datePublished": "2025-11-13T11:29:03.241Z",
"dateReserved": "2025-10-28T00:08:29.199Z",
"dateUpdated": "2025-11-13T14:46:20.368Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11448 (GCVE-0-2025-11448)
Vulnerability from cvelistv5
Published
2025-11-08 09:28
Modified
2025-11-10 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | Gallery Plugin for WordPress – Envira Photo Gallery |
Version: * ≤ 1.11.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11448",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:07:09.934571Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:13:43.112Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.11.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lucas Montes"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Gallery Plugin for WordPress \u2013 Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027/envira-convert/v1/bulk-convert\u0027 REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T09:28:11.104Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/900e6528-f350-4e1b-80a5-aa01248323a8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3387243/envira-gallery-lite/trunk/includes/global/convert_gallery/Convert_Gallery_REST.php?old=3379688\u0026old_path=envira-gallery-lite%2Ftrunk%2Fincludes%2Fglobal%2Fconvert_gallery%2FConvert_Gallery_REST.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-07T16:46:51.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T20:58:55.000+00:00",
"value": "Disclosed"
}
],
"title": "Gallery Plugin for WordPress \u2013 Envira Photo Gallery \u003c= 1.11.0 - Missing Authorization to Authenticated (Contributor+) Gallery Conversion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11448",
"datePublished": "2025-11-08T09:28:11.104Z",
"dateReserved": "2025-10-07T16:31:27.084Z",
"dateUpdated": "2025-11-10T14:13:43.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12837 (GCVE-0-2025-12837)
Vulnerability from cvelistv5
Published
2025-11-08 09:28
Modified
2025-11-10 14:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | aThemes Addons for Elementor |
Version: * ≤ 1.1.5 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-10T14:07:13.119123Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T14:13:48.536Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "aThemes Addons for Elementor",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.1.5",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abu Hurayra"
}
],
"descriptions": [
{
"lang": "en",
"value": "The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-08T09:28:10.706Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/75a3a8ee-42c6-4963-bb48-6794b310b861?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/athemes-addons-for-elementor-lite/tags/1.1.5/inc/modules/widgets/call-to-action/class-call-to-action.php#L938"
},
{
"url": "https://wordpress.org/plugins/athemes-addons-for-elementor-lite/#developers"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3391638%40athemes-addons-for-elementor-lite\u0026old=3382628%40athemes-addons-for-elementor-lite\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-06T20:21:14.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-07T20:47:37.000+00:00",
"value": "Disclosed"
}
],
"title": "aThemes Addons for Elementor \u003c= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12837",
"datePublished": "2025-11-08T09:28:10.706Z",
"dateReserved": "2025-11-06T20:06:06.183Z",
"dateUpdated": "2025-11-10T14:13:48.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11271 (GCVE-0-2025-11271)
Vulnerability from cvelistv5
Published
2025-11-06 04:36
Modified
2025-11-06 15:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-807 - Reliance on Untrusted Inputs in a Security Decision
Summary
The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is attacker-supplied, an unauthenticated actor can submit a forged IPN and have it treated as verified, even on production sites and with verification otherwise enabled. A valid PayPal transaction id is needed, restricting order manipulation to orders placed by the attacker. This, in turn, requires them to have a customer account.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy |
Version: * ≤ 3.5.2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11271",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-06T15:50:26.199391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T15:50:35.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Easy Digital Downloads \u2013 eCommerce Payments and Subscriptions made easy",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "3.5.2",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jamie Davies"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification is unconditionally skipped when the POST body includes verification_override=1. Because this value is attacker-supplied, an unauthenticated actor can submit a forged IPN and have it treated as verified, even on production sites and with verification otherwise enabled. A valid PayPal transaction id is needed, restricting order manipulation to orders placed by the attacker. This, in turn, requires them to have a customer account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-807",
"description": "CWE-807 Reliance on Untrusted Inputs in a Security Decision",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-06T04:36:22.463Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4c63154e-9413-47ea-a740-441618266adf?source=cve"
},
{
"url": "https://github.com/awesomemotive/easy-digital-downloads/blob/main/includes/gateways/paypal/ipn.php"
},
{
"url": "https://github.com/awesomemotive/easy-digital-downloads/blob/main/src/Gateways/PayPal/IPN.php"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026new=3382964%40easy-digital-downloads%2Ftrunk\u0026old=3364285%40easy-digital-downloads%2Ftrunk\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-03T22:10:42.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-05T16:27:52.000+00:00",
"value": "Disclosed"
}
],
"title": "Easy Digital Download \u003c= 3.5.2 - Insufficient Verification to Order Manipulation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11271",
"datePublished": "2025-11-06T04:36:22.463Z",
"dateReserved": "2025-10-03T21:53:31.464Z",
"dateUpdated": "2025-11-06T15:50:35.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11893 (GCVE-0-2025-11893)
Vulnerability from cvelistv5
Published
2025-10-25 06:49
Modified
2025-10-27 15:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donation_ids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation of the vulnerability requires a paid donation.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More |
Version: * ≤ 1.8.8.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:53:15.862895Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:53:27.036Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations \u0026 More",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.8.8.4",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafshanzani Suhada"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations \u0026 More plugin for WordPress is vulnerable to SQL Injection via the donation_ids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. Exploitation of the vulnerability requires a paid donation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T06:49:21.583Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/46b7820c-f36d-4c7d-b326-07259786fc6a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/charitable/trunk/includes/abstracts/abstract-class-charitable-query.php#L194"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3382719/charitable/trunk/includes/abstracts/abstract-class-charitable-query.php?contextall=1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-16T20:27:50.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-24T17:36:30.000+00:00",
"value": "Disclosed"
}
],
"title": "Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations \u0026 More \u003c= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-11893",
"datePublished": "2025-10-25T06:49:21.583Z",
"dateReserved": "2025-10-16T20:12:20.027Z",
"dateUpdated": "2025-10-27T15:53:27.036Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10694 (GCVE-0-2025-10694)
Vulnerability from cvelistv5
Published
2025-10-25 05:31
Modified
2025-10-27 15:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| smub | User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds |
Version: * ≤ 1.8.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10694",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:57:28.708214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:57:39.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds",
"vendor": "smub",
"versions": [
{
"lessThanOrEqual": "1.8.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Ngoc Quang Bach"
}
],
"descriptions": [
{
"lang": "en",
"value": "The User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the `maybe_load_onboarding_wizard` function in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to access the onboarding wizard page and view configuration information including the administrator email address."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-25T05:31:22.739Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9026b417-4b35-4bec-9dc6-6797661dc7a8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3378233/userfeedback-lite/trunk/includes/admin/class-userfeedback-onboarding-wizard.php?old=3354862\u0026old_path=userfeedback-lite%2Ftrunk%2Fincludes%2Fadmin%2Fclass-userfeedback-onboarding-wizard.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-11T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-09-18T15:57:46.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-10-24T17:09:00.000+00:00",
"value": "Disclosed"
}
],
"title": "User Feedback \u2013 Create Interactive Feedback Form, User Surveys, and Polls in Seconds \u003c= 1.8.0 - Missing Authorization to Information Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10694",
"datePublished": "2025-10-25T05:31:22.739Z",
"dateReserved": "2025-09-18T15:41:28.436Z",
"dateUpdated": "2025-10-27T15:57:39.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}