CVE-2025-5288 – WordPress Custom API Generator Privilege Escalation Vulnerability

June 13, 2025

CVE ID : CVE-2025-5288

Published : June 13, 2025, 3:15 a.m. | 2 hours, 29 minutes ago

Description : The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5491 – Acer ControlCenter Remote Code Execution Vulnerability

Next Article CVE-2025-4584 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-5288 – WordPress Custom API Generator Privilege Escalation Vulnerability

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Usermode FTP Server – access your files from another device

CVE-2025-3610 – Reales WP STPT Privilege Escalation and Account Takeover Vulnerability in WordPress

Vulnerabilities in Netis Systems WF2220 software

CVE-2025-46804 – Screen Information Disclosure Vulnerability

Microsoft says Edge 134 is the fastest version of the browser ever

Rilasciato GNU Nano 8.5: L’editor di testo a riga di comando con ancore salvate e colorazione della sintassi migliorata

Scalable and Principled Reward Modeling for LLMs: Enhancing Generalist Reward Models RMs with SPCT and Inference-Time Optimization

Interactive Text Destruction with Three.js, WebGPU, and TSL

CVE-2025-5288 – WordPress Custom API Generator Privilege Escalation Vulnerability

Related Posts