CVE-2025-0661

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Feb 13, 2025

Updated: Feb 24, 2025

CWE ID 639

Summary

CVE-2025-0661 is a vulnerability affecting the DethemeKit For Elementor plugin for WordPress. The issue lies in the plugin's duplicate_post() function, which has insufficient access restrictions. This allows authenticated attackers with Contributor-level access and above to duplicate posts that are password protected, private, draft, or scheduled, thereby exposing data from these posts that they should not have access to.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2umZ_Z
https://www.cve.org/CVERecord?id=CVE-2025-0661
https://nvd.nist.gov/vuln/detail/CVE-2025-0661

Back to Vulnerability Database

CVE-2025-0661

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations