CVE-2025-13642 | ProfilePress Plugin up to 4.16.7 on WordPress Shortcode Type privilege escalation

Inserito da Angelo Barbosa | Dic 9, 2025 | CVE

A vulnerability described as critical has been identified in ProfilePress Plugin up to 4.16.7 on WordPress. This issue affects some unknown processing of the component Shortcode Handler. The manipulation of the argument Type results in privilege escalation.

This vulnerability is known as CVE-2025-13642. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-13642 | ProfilePress Plugin up to 4.16.7 on WordPress Shortcode Type privilege escalation

Post correlati

CVE-2024-2073 | SourceCodester Block Inserter for Dynamic Content 1.0 view_post.php id sql injection

CVE-2025-47603 | belingoGeo Plugin up to 1.12.0 on WordPress path traversal

CVE-2025-14211 | projectworlds Advanced Library Management System 1.0 /delete_book.php book_id sql injection

CVE-2024-2708 | Tenda AC10U 15.03.06.49 /goform/execCommand formexeCommand cmdinput stack-based overflow