CVE-2025-3609 | Reales WP STPT Plugin up to 2.1.2 on WordPress Password Update privilege escalation

Inserito da Angelo Barbosa | Mag 5, 2025 | CVE

A vulnerability was found in Reales WP STPT Plugin up to 2.1.2 on WordPress. It has been classified as critical. This affects an unknown part of the component Password Update Handler. The manipulation leads to privilege escalation.

This vulnerability is uniquely identified as CVE-2025-3609. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-3609 | Reales WP STPT Plugin up to 2.1.2 on WordPress Password Update privilege escalation

Post correlati

CVE-2024-24622 | Softaculous Webuzo 3.2.1 Password Reset os command injection

CVE-2024-49094 | Microsoft

CVE-2024-2327 | Global Elementor Buttons Plugin up to 1.1.0 on WordPress Button Link cross site scripting

CVE-2024-20115 | MediaTek MT8195 Ccu out-of-bounds write (MSV-1713 / ALPS09036695)