CVE-2025-0180 – WordPress Foodbakery Plugin Privilege Escalation Vulnerability

The following table lists the changes that have been made to the CVE-2025-0180 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Feb. 11, 2025

    Action Type Old Value New Value
    Added Description The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-269
    Added Reference https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
    Added Reference https://www.wordfence.com/threat-intel/vulnerabilities/id/d7140a6e-a528-428e-850e-5e4a481c5d7d?source=cve

نوشته های مشابه

CVE-2024-10644 – Ivanti Connect Secure and Ivanti Policy Secure Code Injection Vulnerability

CVE-2024-47908 – Ivanti CSA OS Command Injection Vulnerability

CVE-2025-22467 – Ivanti Connect Secure Stack-Based Buffer Overflow Vulnerability

CVE-2025-24896 – Misskey Persistent Authentication Token Vulnerability