5 matches found
CVE-2025-4631
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktendobject endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the saveobjectasuser function for objects whose 'datatype' is set to 'users',. This allows...
Exploit for CVE-2025-4631
🚨 CVE-2025-4631 - Profitori WordPress Plugin Privilege Escala...
CVE-2025-4631 Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktendobject endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it possible to trigger the saveobjectasuser function for objects whose 'datatype' is set to 'users',. This allows...
CVE-2025-4631
The Profitori WordPress plugin (versions 2.0.6.0–2.1.1.3) is affected by an unauthenticated privilege-escalation vulnerability in the stocktend_object REST endpoint due to a missing capability check. Attackers can trigger save_object_as_user() on objects with _datatype='users' to write into wp_ca...
WordPress plugin Profitori 授权问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An authorization...