← volver
CVE-2025-14370mediumCWE-862

Quote Comments <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update

13Vexday Risk Score

Sin señal de explotación. Ningún artefacto público de explotación conocido hasta ahora.

ssvc Trackcvss 4.3epss 0.2%
probabilidad de explotación
0.2%top 95% de las CVE
explotación observada
noninguna fuente lo reporta
The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Productos afectados
metodiew · Quote Comments