CVE-2025-1528

14 Mar 2025

Jose Alexis Correa Valencia
0 Comentarios

Título es
CVE-2025-1528

Vie, 14/03/2025 – 05:15

Tipo
CWE-862

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-1528

Descripción en
The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_meta_values' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the values of arbitrary post meta.

14/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)
4.30

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
MEDIUM

Referencias

https://searchandfilter.com/search-filter-2-5-20-security-release/

https://www.wordfence.com/threat-intel/vulnerabilities/id/47adb5fe-534f-48a9-81a3-883e1d2cda7f?source=cve

Enviar en el boletín
Off

CVE-2025-1528

CVE-2025-1528

Jose Alexis Correa Valencia