CVE-2025-11895 | Binary MLM Plan Plugin up to 3.0 on WordPress Shortcode /bmp-account-detail/ bmp_user_payout_detail_of_current_user ID resource injection

Inserito da Angelo Barbosa | Ott 17, 2025 | CVE

A vulnerability was found in Binary MLM Plan Plugin up to 3.0 on WordPress. It has been rated as critical. This impacts the function bmp_user_payout_detail_of_current_user of the file /bmp-account-detail/ of the component Shortcode Handler. This manipulation of the argument ID causes improper control of resource identifiers.

The identification of this vulnerability is CVE-2025-11895. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-11895 | Binary MLM Plan Plugin up to 3.0 on WordPress Shortcode /bmp-account-detail/ bmp_user_payout_detail_of_current_user ID resource injection

Post correlati

CVE-2024-39672 | Huawei HarmonyOS/EMUI Memory Module use after free

CVE-2025-10179 | My AskAI Plugin up to 1.0.0 on WordPress Shortcode myaskai cross site scripting

CVE-2025-10502 | Google Chrome up to 140.0.7339.127 ANGLE heap-based overflow

CVE-2024-10917 | Eclipse Open J9 up to 0.47.0 JNI GetStringUTFLength integer overflow (Issue 47)