CVE-2025-9321

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WPCasa plugin for WordPress versions prior to 1.4.2

Description The WPCasa plugin for WordPress is susceptible to Code Injection due to insufficient input validation and restriction on the api requests function. This allows unauthenticated attackers to call arbitrary functions and execute code.

Recommendations Update the WPCasa plugin to version 1.4.2 or later.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2025-9321

Affected Products

Wpcasa

CVE-2025-9321

Weakness Enumeration

Related Identifiers

Affected Products

References · 10