3 matches found
CVE-2025-6813
creationtimestamp| type| source ---|---|--- 2025-07-18 06:30:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lu7t3whstd2w...
CVE-2025-6813 aapanel WP Toolkit 1.0 - 1.1 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via auto_login() Function
The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the autologin function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gai...
CVE-2025-6813
CVE-2025-6813 affects the WordPress plugin aapanel WP Toolkit (versions 1.0–1.1). The root cause is missing authorization checks in the auto_login() function, enabling authenticated users with Subscriber-level access and above to bypass role checks and gain full admin privileges. The CVE is curre...