3 matches found
CVE-2025-3452
CVE-2025-3452 concerns the WordPress plugin SecuPress Free (versions up to and including 2.3.9). A missing capability check in the secupress_reinstall_plugins_admin_ajax_cb function allows authenticated attackers with Subscriber-level access and above to install arbitrary plugins, enabling unauth...
CVE-2025-3452 SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation
The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'secupressreinstallpluginsadminajaxcb' function in all versions up to, and including, 2.3.9. This makes it possible for authenticated attackers,...
WordPress SecuPress Free plugin <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Installation vulnerability discovered by mikemyers in WordPress Plugin SecuPress Free versions = 2.3.9...