6 matches found
CVE-2025-11887
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
WordPress plugin Supervisor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-11887 Supervisor <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...
CVE-2025-11887
Summary (CVE-2025-11887): The WordPress Supervisor plugin (versions ≤ 1.3.2) is vulnerable to unauthorized modification of data due to a missing capability check across several AJAX endpoints. Authenticated attackers with Subscriber-level access or higher can update plugin settings. The vulnerab...
PT-2025-43594
Name of the Vulnerable Software and Affected Versions: WordPress Supervisor Plugin versions up to and including 1.3.2. Description: The Supervisor plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check in multiple AJAX functions. Authenticate...
WordPress Supervisor plugin <= 1.3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Supervisor versions = 1.3.2...