Search criteria

1 vulnerability by takeads

CVE-2025-12370 (GCVE-0-2025-12370)

Vulnerability from cvelistv5 – Published: 2025-12-05 05:31 – Updated: 2025-12-05 05:31
VLAI?
Title
Takeads <= 1.0.13 - Missing Authorization to Plugin Settings Deletion
Summary
The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin's configuration options.
Severity ?
4.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
takeads Takeads Affected: * , ≤ 1.0.13 (semver)
Create a notification for this product.
Credits
Nabil Irawan
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Takeads",
          "vendor": "takeads",
          "versions": [
            {
              "lessThanOrEqual": "1.0.13",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nabil Irawan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Takeads plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.13. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete the plugin\u0027s configuration options."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862 Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-05T05:31:26.817Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9f3619d9-7572-439e-a284-d59ef5de08f3?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/monetize-link/tags/1.0.13/src/MLP_Ajax.php#L8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-12-04T17:20:48.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Takeads \u003c= 1.0.13 - Missing Authorization to Plugin Settings Deletion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-12370",
    "datePublished": "2025-12-05T05:31:26.817Z",
    "dateReserved": "2025-10-27T20:15:45.237Z",
    "dateUpdated": "2025-12-05T05:31:26.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}