9 matches found
WordPress Dataverse Integration Missing Authorization Vulnerability
WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a lack of authorization vulnerability, which stems from a lack of authorization...
WordPress Dataverse Integration plugin 2.77-2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
Missing Authorization to Authenticated Subscriber+ Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin Dataverse Integration versions 2.77-2.81...
CVE-2025-7695
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...
CVE-2025-7695
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...
CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...
CVE-2025-7695 Dataverse Integration 2.77 - 2.81 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route
The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its resetpasswordlink REST endpoint in versions 2.77 through 2.81. The endpoint’s handler accepts a client-supplied id, email, or login, looks up that user, and calls...
CVE-2025-7695
CVE-2025-7695 – Dataverse Integration (WordPress) : The Dataverse Integration plugin versions 2.77–2.81 are vulnerable to privilege escalation via the reset_password_link REST endpoint. The handler accepts a client-supplied id, email, or login and calls get_password_reset_key() after only validat...
PT-2025-30655 · WordPress · Dataverse Integration
Name of the Vulnerable Software and Affected Versions: Dataverse Integration versions 2.77 through 2.81 Description: The plugin is susceptible to privilege escalation due to missing authorization checks within the reset password link REST endpoint. The endpoint’s handler unconditionally calls get...
WordPress plugin Dataverse Integration 安全漏洞
WordPress Dataverse Integration is a plugin mainly used to connect WordPress with Dataverse to achieve two-way data synchronization and business application integration. WordPress Dataverse Integration suffers from a lack of authorization vulnerability, which stems from a lack of authorization...