WordPress AL Pack plugin unauthorized access vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress AL Pack plugin, which stems from a lack of functionality checking of the checkactivatepermission permission callback...

CVE-2025-7664 Al Pack <= 1.1.1 - Missing Authorization to Unauthenticated Premium Feature Activation via check_activate_permission Function

The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the checkactivatepermission permission callback for the /wp-json/presslearn/v1/activate REST API endpoint in all versions up to, and including, 1.1.1. The callback reads the client-supplied...

PT-2025-33530 · WordPress · Al Pack For Wordpress

Name of the Vulnerable Software and Affected Versions: AL Pack for WordPress versions up to and including 1.0.2 Description: The AL Pack plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the check activate permission permission callback for the...

WordPress plugin AL Pack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized access vulnerability exists in the WordPress AL Pack plugin, which stems from a lack of functionality checking of the checkactivatepermission permission callback...