CVE-2025-10706 | WP Framework Plugin up to 1.0.14 on WordPress Plugin Installation cwp_addons_update_plugin_cb authorization

Inserito da Angelo Barbosa | Ott 16, 2025 | CVE

A vulnerability categorized as critical has been discovered in WP Framework Plugin up to 1.0.14 on WordPress. Affected is the function cwp_addons_update_plugin_cb of the component Plugin Installation Handler. Executing manipulation can lead to missing authorization.

This vulnerability is handled as CVE-2025-10706. The attack can be executed remotely. There is not any exploit available.

CVE-2025-10706 | WP Framework Plugin up to 1.0.14 on WordPress Plugin Installation cwp_addons_update_plugin_cb authorization

Post correlati

CVE-2024-4752 | EventON Plugin up to 2.2.14 on WordPress Setting cross site scripting

CVE-2024-24747 | MinIO prior RELEASE.2024-01-31T20-20-33Z Access Key insecure preserved inherited permissions (GHSA-xx8w-mq23-29g4)

CVE-2023-41918 | Kiloview P1/P2 up to 4.8.2605 ACL missing authentication (NCSC-2024-0273)

CVE-2024-32140 | Libsyn Publisher Hub Plugin up to 1.4.4 on WordPress cross site scripting