CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

April 25, 2025

CVE ID : CVE-2025-2238

Published : April 25, 2025, 7:15 a.m. | 15 minutes ago

Description : The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the ‘vikinger_user_meta_update_ajax’ function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator-level.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3743 – WooCommerce Upsell Funnel Builder Order Manipulation Vulnerability

Next Article CVE-2025-46613 – OpenPLC Server Memory Corruption

Highlights

CVE-2025-52922 – Innoshop Directory Traversal Remote File Inclusion

June 23, 2025

CVE ID : CVE-2025-52922

Published : June 23, 2025, 12:15 p.m. | 2 hours, 31 minutes ago

Description : Innoshop through 0.4.1 allows directory traversal via FileManager API endpoints. An authenticated attacker with access to the admin panel could abuse this to: (1) fully map the filesystem structure via the /api/file_manager/files?base_folder= endpoint, (2) create arbitrary directories on the server via the /api/file_manager/directories endpoint, (3) read arbitrary files from the server by copying the file to a readable location within the application via the /api/file_manager/copy_files endpoint, {4) delete arbitrary files from the server via a DELETE request to /api/file_manager/files, or (5) create arbitrary files on the server by uploading them and then leveraging the /api/file_manager/move_files endpoint to move them anywhere in the filesystem.

Severity: 7.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Optimizely Mission Control – Part III

Optimizely Mission Control – Part III

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

DistroWatch Weekly, Issue 1139

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

Dmitry — The Deep Magic

CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Third Parties and Machine Credentials: The Silent Drivers Behind 2025’s Worst Breaches

React Router Vulnerabilities Let Attackers Spoof Contents & Modify Values

CVE-2025-5117 – WordPress Property Plugin Privilege Escalation Vulnerability

How to Fix Error 0x800f0905 When Uninstalling KB5063878 on Windows 11

CVE-2025-52922 – Innoshop Directory Traversal Remote File Inclusion

Tracking Cache Activity with Laravel Events

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

Rilasciata Rocky Linux 9.6: Nuova Versione Basata su Red Hat Enterprise Linux 9.6

CVE-2025-2238 – Vikinger WordPress Privilege Escalation Vulnerability

Related Posts