EUVD-2025-201144

🗓️ 04 Dec 2025 09:31:26Reported by EUVDType

The Custom Post Type UI plugin up to version 1.18.0 enables subscriber authorization bypass.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-12826	4 Dec 202508:11	–	circl
CNNVD	WordPress plugin Custom Post Type UI 安全漏洞	4 Dec 202500:00	–	cnnvd
CVE	CVE-2025-12826	4 Dec 202506:48	–	cve
Cvelist	CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification	4 Dec 202506:48	–	cvelist
NVD	CVE-2025-12826	4 Dec 202507:16	–	nvd
Patchstack	WordPress Custom Post Type UI plugin <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification vulnerability	4 Dec 202500:05	–	patchstack
Positive Technologies	PT-2025-49007	4 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12826	5 Dec 202507:32	–	redhatcve
Vulnrichment	CVE-2025-12826 Custom Post Type UI <= 1.18.0 - Missing Authorization to Unauthenticated (Previously Administrator+) Custom Post Type Modification	4 Dec 202506:48	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (December 1, 2025 to December 7, 2025)	11 Dec 202517:00	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "50c956c3-8ff1-36c6-8a3d-f024c3f51582",
        "vendor": {
          "name": "WebDevStudios"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1e7ab4c2-1a9e-327f-a6ec-4c60c21ef58e",
        "product": {
          "name": "Custom Post Type UI"
        },
        "product_version": "* ≤1.18.0"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/90d203b1-9426-4eff-b566-02c8a1c6adfa
github	www.github.com/WebDevStudios/custom-post-type-ui/commit/215779a5ac0c624f0dcf875e87305b4898d5bcf9
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-12826

04 Dec 2025 09:31Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.14.8

EPSS0.00041