Vulnerabilities

CVE-2025-6813

by Fred · 18/07/2025

The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges.

More information : https://plugins.trac.wordpress.org/browser/aapanel-wp-toolkit/tags/1.1/includes/class-aapanel-wp-toolkit-agent.php#L74

Similar

Tags: Cybersecurity Alert