Lucene search
K

4 matches found

Cvelist
Cvelist
added 2025/09/20 4:27 a.m.13 views

CVE-2025-10305 Secure Passkeys <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion

The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the deletepasskey and passkeyslist function in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, t...

5.3CVSS0.00211EPSS
Exploits0References2
CVE
CVE
added 2025/09/20 4:27 a.m.31 views

CVE-2025-10305

CVE-2025-10305 documents a vulnerability in the WordPress Secure Passkeys plugin (versions up to and including 1.2.1) where delete_passkey() and passkeys_list() lack proper authorization checks. This allows authenticated users with Subscriber+ privileges to view and delete passkeys. The issue has...

5.3CVSS4.7AI score0.00211EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/09/20 12:4 a.m.6 views

WordPress Secure Passkeys plugin <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Passkey Exposure and Deletion vulnerability

Missing Authorization to Authenticated Subscriber+ Passkey Exposure and Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Secure Passkeys versions = 1.2.1...

5.3CVSS6.7AI score0.00211EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/09/20 12:0 a.m.4 views

WordPress plugin Secure Passkeys 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.2AI score0.00211EPSS
Exploits0References3
Rows per page
Query Builder