PT-2026-20621 · WordPress · Virusdie – One-Click Website Security
Published: 2026-02-19 · Updated: 2026-02-19
CVE-2025-14864
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Virusdie - One-click website security plugin for WordPress versions through 1.1.7
Description
The Virusdie - One-click website security plugin for WordPress is susceptible to exposure of sensitive information. The issue stems from a lack of appropriate capability checks within the vd_get_apikey function, which is connected to the wp_ajax_virusdie_apikey action. This allows authenticated attackers possessing Subscriber-level access or higher to obtain the site’s Virusdie API key. Successful retrieval of the API key could potentially grant access to the site owner’s Virusdie account and compromise site security.
Recommendations
Update Virusdie - One-click website security plugin for WordPress to a version later than 1.1.7.
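The missing check described above, shown as an added example rather than the plugin's own code: a handler on the wp_ajax_virusdie_apikey action without and with a capability check. The function names, the option name, the nonce action and the choice of manage_options as the required capability are assumptions.

```php
<?php
/**
 * Added illustration, not the Virusdie plugin's source. The handler names,
 * the option 'example_vd_api_key' and the nonce action
 * 'example_vd_apikey_nonce' are hypothetical.
 */

// BEFORE (the pattern the advisory describes): wp_ajax_{action} hooks fire for
// every logged-in user, so with no capability check a Subscriber receives the key.
function example_vd_get_apikey_unchecked() {
    wp_send_json_success( array( 'apikey' => get_option( 'example_vd_api_key' ) ) );
}
// Left unregistered on purpose:
// add_action( 'wp_ajax_virusdie_apikey', 'example_vd_get_apikey_unchecked' );

// AFTER: authorize the caller and verify a nonce before returning the secret.
function example_vd_get_apikey_checked() {
    // Authorization: only users who can manage site options may read the key
    // (assumed capability; pick the one that matches who configures the plugin).
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() sends the response and terminates the request.
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // CSRF: passing false as the third argument makes check_ajax_referer()
    // return false instead of dying, so the handler controls the response.
    if ( ! check_ajax_referer( 'example_vd_apikey_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    wp_send_json_success( array( 'apikey' => get_option( 'example_vd_api_key' ) ) );
}
add_action( 'wp_ajax_virusdie_apikey', 'example_vd_get_apikey_checked' );
```

The nonce check alone is not authorization: any logged-in user who can load a page that prints the nonce can replay it, so the capability check is the control that closes this issue.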
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Virusdie – One-Click Website Security