PT-2025-6163 · WordPress · Wp Foodbakery
Tonn · Published 2025-02-11 · Updated 2025-02-17 · CVE-2025-0180
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
WP Foodbakery plugin for WordPress versions prior to 3.4
Description:
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
Recommendations:
For WP Foodbakery plugin for WordPress versions prior to 3.4, update to a version later than 3.3 to resolve the issue. As a temporary workaround, consider restricting user registration or limiting the privileges of newly registered users until the update can be applied.
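One way to apply the "limit the privileges of newly registered users" workaround, as an added example that is not code from the plugin or from this advisory. It is a hypothetical must-use plugin; the `rrg_` names, the blocked-capability list and the choice of `subscriber` as fallback role are assumptions, and it assumes the account and its user meta are written within a single request.

```php
<?php
/**
 * Plugin Name: Registration role guard (added example, hypothetical)
 * Stopgap for wp-content/mu-plugins/ until WP Foodbakery is updated.
 */

// Capabilities a self-registered account should never hold (core WordPress caps).
const RRG_BLOCKED_CAPS = array( 'manage_options', 'edit_users', 'promote_users',
	'create_users', 'install_plugins', 'edit_plugins', 'edit_theme_options' );

// IDs of accounts created during the current request.
$GLOBALS['rrg_new_users'] = array();

add_action( 'user_register', function ( $user_id ) {
	// Accounts created by someone allowed to assign roles are left alone.
	if ( current_user_can( 'promote_users' ) ) {
		return;
	}
	$GLOBALS['rrg_new_users'][] = (int) $user_id;
} );

// Re-check at the end of the request so that user meta written after
// user_register fired is covered as well.
add_action( 'shutdown', function () {
	foreach ( array_unique( $GLOBALS['rrg_new_users'] ) as $user_id ) {
		$user = get_userdata( $user_id ); // builds a fresh WP_User from stored meta
		if ( ! $user ) {
			continue;
		}
		$held = array_filter( RRG_BLOCKED_CAPS, array( $user, 'has_cap' ) );
		if ( ! $held ) {
			continue;
		}
		// Drop every role and directly granted capability, then assign the
		// lowest built-in role. Assumption: 'subscriber' suits this site.
		$user->remove_all_caps();
		$user->set_role( 'subscriber' );
		error_log( sprintf(
			'[role-guard] demoted new user %d (%s) from %s; held: %s',
			$user_id,
			$user->user_login,
			isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown',
			implode( ',', $held )
		) );
	}
} );
```

The `[role-guard]` log lines double as a detection signal for registration attempts that requested elevated privileges. Accounts created before the guard was installed still need a manual review of the administrator list.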
Fix · LPE · Improper Privilege Management
Affected Products
Wp Foodbakery