CVE-2025-12093
Voidek Employee Portal <= 1.0.7 - Missing Authorization
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
05 dic 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The Voidek Employee Portal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.7. This makes it possible for unauthenticated attackers to perform several actions like registering an account, deleting users, and modifying details within the employee portal.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
voidek · Voidek Employee PortalReferencias
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3419774%40voidek-employee-portal&new=3419774%40voidek-employee-portal&sfp_email=&sfph_mail=https://wordpress.org/plugins/voidek-employee-portal/https://www.wordfence.com/threat-intel/vulnerabilities/id/d33b83d5-cfc0-48b6-a54e-1ae8ac52aae1?source=cve