CVE-2025-0951

Name of the Vulnerable Software and Affected Versions: LiquidThemes WordPress plugins and themes (affected versions not specified)

Description: Multiple plugins and/or themes developed by LiquidThemes for WordPress are susceptible to unauthorized access due to the absence of a capability check within the liquid reset wordpress before AJAX function. This allows authenticated attackers with Subscriber-level access or higher to deactivate all plugins on a WordPress site. The developer implemented a nonce check as a mitigation, but this measure is insufficient as the nonce is exposed to users with dashboard access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.