CVE-2025-0181

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Feb 11, 2025

CWE ID 288

Summary

CVE-2025-0181 is a privilege escalation vulnerability affecting WP Foodbakery, a plugin used by WordPress sites. The flaw, present in all versions up to 4.7, allows unauthenticated attackers to gain administrator access. The issue stems from the plugin's failure to validate user identity before setting the current user and their authentication cookie, making account takeovers possible. This vulnerability poses a significant risk to WordPress sites using the WP Foodbakery plugin and should be addressed promptly by updating to the latest version.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2H8Nf0
https://www.cve.org/CVERecord?id=CVE-2025-0181
https://nvd.nist.gov/vuln/detail/CVE-2025-0181

Back to Vulnerability Database

CVE-2025-0181

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations