PT-2025-50863 · WordPress · Wpmastertoolkit

Athiwat Tiprasaharn +6 · Published 2025-12-12 · Updated 2025-12-12 · CVE-2025-14166

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

WPMasterToolKit plugin for WordPress versions prior to 2.13.1

Description

The WPMasterToolKit plugin for WordPress allows authenticated attackers with Contributor-level access or above to execute arbitrary PHP code on the server. This is possible because the plugin permits Author-level users to create and execute PHP code through the Code Snippets feature without sufficient capability checks. Successful exploitation can lead to remote code execution, privilege escalation, and complete site compromise.

Recommendations

Update the WPMasterToolKit plugin to version 2.13.1 or later.

Fix · LPE · RCE · Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-14166

Affected Products

Wpmastertoolkit