CVE-2025-2276

by Fred · 26/03/2025

The Ultimate Dashboard – Custom WordPress Dashboard plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_module_actions function in all versions up to, and including, 3.8.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate/deactivate plugin modules.

Assigner : cve-request@wordfence.com

More information : https://plugins.trac.wordpress.org/browser/ultimate-dashboard/tags/3.8.7/modules/feature/class-feature-module.php#L118

CVE-2025-2276

Similar

Recent Posts

Categories

CVE-2025-2276

Share this:

Similar

Recent Posts

Categories

Tags