CVE-2025-5812

The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited post settings.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://plugins.trac.wordpress.org/browser/vgw-metis/trunk/classes/admin.php#L422
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9edcbdc-5b01-4880-95ec-57d87ccbb472?source=cve

Configurations

No configuration.

History

26 Jun 2025, 18:57

Type	Values Removed	Values Added
Summary		(es) El complemento VG WORT METIS para WordPress es vulnerable a la modificación no autorizada de datos debido a la falta de una comprobación de capacidad en la función gutenberg_save_post() en todas las versiones hasta la 2.0.0 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, actualicen la configuración limitada de las publicaciones.

26 Jun 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-26 02:15

Updated : 2025-06-26 18:57

NVD link : CVE-2025-5812

Mitre link : CVE-2025-5812

CVE.ORG link : CVE-2025-5812

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

4.3 /10