CVE-2025-1233
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
CVE-2025-1233 Lafka Plugin <= 7.1.0 - Missing Authorization to Authenticated (Subscriber+) Theme Option Update
The Lafka Plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'lafkaoptionsupload' AJAX function in all versions up to, and including, 7.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the...
PT-2025-15056 · WordPress · Lafka Plugin
Name of the Vulnerable Software and Affected Versions: Lafka Plugin for WordPress versions up to, and including, 7.1.0
Description: The issue is related to unauthorized access due to a missing capability check on the lafka options upload AJAX function. This allows authenticated attackers with...