Search criteria
2 vulnerabilities found for Takeads by takeads
CVE-2025-12370 (GCVE-0-2025-12370)
Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
VLAI?
Title
Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion
Summary
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Nabil Irawan
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Takeads",
"vendor": "takeads",
"versions": [
{
"lessThanOrEqual": "1.0.13",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin\u0027s configuration options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:26.817Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:20:48.000+00:00",
"value": "Disclosed"
}
],
"title": "Takeads \u003c= 1.0.13 - Missing Authorization to Plugin Settings Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12370",
"datePublished": "2025-12-05T05:31:26.817Z",
"dateReserved": "2025-10-27T20:15:45.237Z",
"dateUpdated": "2025-12-05T05:31:26.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12370 (GCVE-0-2025-12370)
Vulnerability from nvd – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
VLAI?
Title
Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion
Summary
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options.
Severity ?
4.3 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Nabil Irawan
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Takeads",
"vendor": "takeads",
"versions": [
{
"lessThanOrEqual": "1.0.13",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nabil Irawan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin\u0027s configuration options."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-05T05:31:26.817Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-04T17:20:48.000+00:00",
"value": "Disclosed"
}
],
"title": "Takeads \u003c= 1.0.13 - Missing Authorization to Plugin Settings Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12370",
"datePublished": "2025-12-05T05:31:26.817Z",
"dateReserved": "2025-10-27T20:15:45.237Z",
"dateUpdated": "2025-12-05T05:31:26.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}