4.3

CVE-2025-12005

EPSS 0.05%
Veröffentlicht 25.10.2025 05:31:23
Zuletzt bearbeitet 27.10.2025 13:20:15
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.41 - Improper Authorization to Authenticated (Contributor+) Plugin Settings Update

The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 8.5.41. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor level access and above, to modify sensitive plugin options.

Mögliche Gegenmaßnahme

WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress: Update to version 8.5.42, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

Version *-8.5.41

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerrextheme

≫

Produkt WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress

Default Statusunaffected

Version <= 8.5.41

Version *

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.139

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcbc0cf-69e5-4d6e-8987-a0fbbaf41740?source=cve

https://plugins.trac.wordpress.org/browser/wpvr/tags/8.5.41/admin/classes/class-wpvr-ajax.php#L467

https://plugins.trac.wordpress.org/browser/wpvr/tags/8.5.41/admin/class-wpvr-admin.php#L295

https://www.wordfence.com/threat-intel/vulnerabilities/id/9bcbc0cf-69e5-4d6e-8987-a0fbbaf41740

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-12005

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-12005

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-12005

EUVD