PT-2025-51074 · WordPress · Annuncifunebri Impresa
Abhirup Konwar
·
Published
2025-12-13
·
Updated
2025-12-13
·
CVE-2025-14447
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AnnunciFunebri Impresa plugin for WordPress versions through 4.7.0
Description
The AnnunciFunebri Impresa plugin for WordPress has a flaw that allows unauthorized data modification. This is due to a missing capability check within the
annfu reset options() function. Attackers with Subscriber-level access or higher can delete all 29 plugin options, resetting the plugin to its default state.Recommendations
Update to a version of the AnnunciFunebri Impresa plugin later than 4.7.0.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Annuncifunebri Impresa