Lucene search
+L

5 matches found

redhatcve
redhatcve
added 2025/07/06 2:18 a.m.11 views

CVE-2025-5956

The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajaxdeleteemployee function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $POST'delete' array and passes each ID...

8.1CVSS6.3AI score0.00293EPSS
Exploits0References1
nvd
nvd
added 2025/07/04 3:15 a.m.7 views

CVE-2025-5956

The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajaxdeleteemployee function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $POST'delete' array and passes each ID...

8.1CVSS0.00293EPSS
Exploits0References3
cvelist
cvelist
added 2025/07/04 1:44 a.m.16 views

CVE-2025-5956 WP Human Resource Management 2.0.0 - 2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion via ajax_delete_employee Function

The WP Human Resource Management plugin for WordPress is vulnerable to Arbitrary User Deletion due to a missing authorization within the ajaxdeleteemployee function in versions 2.0.0 through 2.2.17. The plugin’s deletion handler reads the client-supplied $POST'delete' array and passes each ID...

6.5CVSS0.00293EPSS
Exploits0References3
cve
cve
added 2025/07/04 1:44 a.m.37 views

CVE-2025-5956

CVE-2025-5956 concerns the WordPress plugin WP Human Resource Management (versions 2.0.0–2.2.17). The root cause is missing authorization in the ajax_delete_employee() handler, which reads $_POST['delete'] and passes IDs to wp_delete_user() without verifying delete_users capability or restricting...

8.1CVSS6.3AI score0.00293EPSS
Exploits0References3Affected Software1
patchstack
patchstack
added 2025/07/03 11:14 p.m.9 views

WordPress WP Human Resource Management plugin 2.0.0-2.2.17 - Missing Authorization to Authenticated (Employee+) Arbitrary User Deletion vulnerability

Missing Authorization to Authenticated Employee+ Arbitrary User Deletion vulnerability discovered by kr0d in WordPress Plugin WP Human Resource Management versions 2.0.0-2.2.17...

8.1CVSS6.8AI score0.00293EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder