8.8

CVE-2025-5835

EPSS 0.06%
Veröffentlicht 25.07.2025 07:15:27
Zuletzt bearbeitet 28.07.2025 15:15:01
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

Droip <= 2.2.6 - Missing Authorization to Authenticated (Subscriber+) Many Actions

The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more.

Mögliche Gegenmaßnahme

Droip: Update to version 2.3.0, or a newer patched version

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Droip

Version *-2.2.6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Themeum ≫ Droip SwPlatformwordpress Version <= 2.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.187

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@wordfence.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://droip.com/

Product

https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e6b451-9835-4887-ade7-b18807223a88?source=cve

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e6b451-9835-4887-ade7-b18807223a88

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-5835

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-5835

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-5835

EUVD