CVE-2025-4855 – WordPress Support Board Plugin Unauthenticated Data Access and Modification

July 9, 2025

CVE ID : CVE-2025-4855

Published : July 9, 2025, 12:15 a.m. | 6 hours, 9 minutes ago

Description : The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. An attacker can use this vulnerability to exploit CVE-2025-4828 and various other functions unauthenticated.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7206 – D-Link DIR-825 HTTPd Stack-Based Buffer Overflow

Next Article CVE-2025-4828 – WordPress Support Board Plugin Arbitrary File Deletion Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-4855 – WordPress Support Board Plugin Unauthenticated Data Access and Modification

CVE-2025-49717 – Microsoft SQL Server Heap Buffer Overflow Vulnerability

CVE-2025-49723 – Windows StateRepository API Authorization Bypass

CVE-2025-32469 – RUGGEDCOM ROX Command Injection Vulnerability

AlphaDev discovers faster sorting algorithms

I changed 10 OnePlus phone settings to significantly improve the user experience

CVE-2025-4815 – Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE-2025-47228 – Shell Injection Vulnerability in Netmake ScriptCase Production Environment Extension

KDE Plasma 6.4 su Arch Linux: Necessaria l’Installazione Manuale di Pacchetti

Microsoft Edge 136 revamps many of the browser’s sections

AOL blocks malicious ads from its advertising platform

CVE-2025-4855 – WordPress Support Board Plugin Unauthenticated Data Access and Modification

Related Posts