Lucene search
K

4 matches found

Circl
Circl
added 2025/04/12 6:51 a.m.17 views

CVE-2025-3418

creationtimestamp| type| source ---|---|--- 2025-04-12 06:51:46+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/11549 2025-04-12 08:17:46+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmm3u4nnul24 2025-04-12 08:48:12+00:00| seen|...

8.8CVSS8.7AI score0.00359EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/04/12 6:37 a.m.6 views

CVE-2025-3418 WPC Admin Columns 2.0.6 - 2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajaxeditsave function. This makes it possible for authenticated attackers, with...

8.8CVSS7.2AI score0.00359EPSS
Exploits0References2
CVE
CVE
added 2025/04/12 6:37 a.m.106 views

CVE-2025-3418

CVE-2025-3418 affects WPC Admin Columns for WordPress. The issue is a privilege-escalation via the ajax_edit_save path: authenticated users with Subscriber+ can update their user meta to elevate to administrator, due to insufficient access control on that update. Root cause: missing/weak authoriz...

8.8CVSS8.7AI score0.00359EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/04/11 6:23 p.m.4 views

WordPress WPC Admin Columns plugin 2.0.6-2.1.0 - Authenticated (Subscriber+) Privilege Escalation via User Meta Update vulnerability

Authenticated Subscriber+ Privilege Escalation via User Meta Update vulnerability discovered by kr0d in WordPress Plugin WPC Admin Columns versions 2.0.6-2.1.0...

8.8CVSS8.3AI score0.00359EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder