CVE-2025-3417

Name of the Vulnerable Software and Affected Versions: Embedder plugin for WordPress versions 1.3 to 1.3.5

Description: The issue allows unauthorized modification of data, leading to privilege escalation due to a missing capability check on the ajax set global option() function. This enables authenticated attackers with Subscriber-level access and above to update arbitrary options on the WordPress site, potentially allowing them to gain administrative user access.

Recommendations: For Embedder plugin for WordPress versions 1.3 to 1.3.5, consider disabling the ajax set global option() function until a patch is available to prevent unauthorized modification of data. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the affected plugin until the issue is resolved.