4 matches found
CVE-2025-10305
CVE-2025-10305 documents a vulnerability in the WordPress Secure Passkeys plugin (versions up to and including 1.2.1) where delete_passkey() and passkeys_list() lack proper authorization checks. This allows authenticated users with Subscriber+ privileges to view and delete passkeys. The issue has...
CVE-2025-10305 Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion
The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the deletepasskey and passkeyslist function in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...
WordPress Secure Passkeys plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Passkey Exposure and Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Secure Passkeys versions = 1.2.1...
WordPress plugin Secure Passkeys 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...