PT-2025-43709 · WordPress · Wp Vr – 360 Panorama/Free Virtual Tour Builder For Wordpress

Rafshanzani Suhada

Published

2025-10-25

Updated

2025-10-25

CVE-2025-12005

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin versions prior to 8.5.42

Description The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin does not properly verify user authorization, leading to unauthorized data access. Authenticated attackers with contributor-level access or higher can modify sensitive plugin options.

Recommendations Update to version 8.5.42 or later.

Fix

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285

Related Identifiers

CVE-2025-12005

Affected Products

Wp Vr – 360 Panorama/Free Virtual Tour Builder For Wordpress

CVE-2025-12005

Weakness Enumeration

Related Identifiers

Affected Products

References · 7