CVE-2025-2779

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Published Apr 2, 2025

CWE ID 908

Summary

CVE-2025-2779 is a vulnerability affecting the Insert Headers and Footers Code – HT Script plugin for WordPress. this issue stems from a missing capability check on the ajax_dismiss function, present in all plugin versions up to 1.1.2. As a result, authenticated attackers, including those with Subscriber-level access, can manipulate option values on the WordPress site. By updating certain options to 1/true, attackers can create errors that deny access to legitimate users or enable unwanted functionalities, such as user registration.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

GraphicsMagick

Affected Vendors

Graphicsmagick

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/4EETVh
https://www.cve.org/CVERecord?id=CVE-2025-2779
https://nvd.nist.gov/vuln/detail/CVE-2025-2779

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Stimmen aus Moskau: Russian Influence Operations Target German Elections

2024 Malicious Infrastructure Report

2024 Annual Report

Know What Matters

For Customers

For Partners