CVE-2025-2933

Name of the Vulnerable Software and Affected Versions Email Notifications for Updates plugin for WordPress versions up to, and including, 1.1.6

Description The issue allows unauthorized modification of data, potentially leading to privilege escalation, due to a missing capability check on the awun import settings() function. This enables authenticated attackers with Subscriber-level access or higher to update arbitrary options on the WordPress site, which can be exploited to gain administrative user access.

Recommendations For Email Notifications for Updates plugin for WordPress versions up to, and including, 1.1.6, update to a version higher than 1.1.6 to resolve the issue. As a temporary workaround, consider restricting access to the awun import settings() function until a patch is available.