CVE-2025-0181 – WordPress Foodbakery Plugin Privilege Escalation Vulnerability

The following table lists the changes that have been made to the CVE-2025-0181 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user’s identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user’s (e.g. administrators) account.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-288
    Added Reference https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
    Added Reference https://www.wordfence.com/threat-intel/vulnerabilities/id/d722ec8d-bfca-4da1-8eb0-8d33735c5e44?source=cve

نوشته های مشابه

CVE-2024-10644 – Ivanti Connect Secure and Ivanti Policy Secure Code Injection Vulnerability

CVE-2024-47908 – Ivanti CSA OS Command Injection Vulnerability

CVE-2025-22467 – Ivanti Connect Secure Stack-Based Buffer Overflow Vulnerability

CVE-2025-24896 – Misskey Persistent Authentication Token Vulnerability