CVE-2025-7664 | AL Pack Plugin up to 1.0.2 on WordPress Unauthenticated Premium Feature activate check_activate_permission authorization

Inserito da Angelo Barbosa | Ago 15, 2025 | CVE

A vulnerability has been found in AL Pack Plugin up to 1.0.2 on WordPress and classified as critical. This vulnerability affects the function check_activate_permission of the file /wp-json/presslearn/v1/activate of the component Unauthenticated Premium Feature Handler. The manipulation leads to missing authorization.

This vulnerability was named CVE-2025-7664. The attack can be initiated remotely. There is no exploit available.

CVE-2025-7664 | AL Pack Plugin up to 1.0.2 on WordPress Unauthenticated Premium Feature activate check_activate_permission authorization

Post correlati

CVE-2023-49748 | WPS Hide Login Plugin up to 1.9.11 on WordPress Hidden Login Page information disclosure

CVE-2024-30676 | ROS2 Iron Irwini denial of service

CVE-2024-50983 | FlightPath 7.5 Last Name Section cross site scripting

CVE-2023-32328 | IBM Security Verify Access Appliance up to 10.0.6.1 cleartext transmission (XFDB-254957)