资产安全
商业安全
安全服务
返回- 漏洞ID:
- 漏洞类型:其他
- 发布日期:2026-01-17 00:00:00
- 更新时间:2026-01-19 00:00:00
- CVE编号:CVE-2025-15403
- CNNVD-ID:CNNVD-202601-2932
- 漏洞平台:X-Ways
- CVSS评分:
暂无
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin RegistrationMagic 6.0.7.1及之前版本存在安全漏洞,该漏洞源于可通过rm_user_exists AJAX操作访问的add_menu函数允许任意更新admin_order设置,可能导致权限提升。
来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/admin/class_rm_admin.php#L487 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/browser/custom-registration-form-builder-with-submission-manager/trunk/admin/controllers/class_rm_options_controller.php#L562 来源:plugins.trac.wordpress.org 链接:https://plugins.trac.wordpress.org/changeset/3440797/custom-registration-form-builder-with-submission-manager#file2 来源:www.wordfence.com 链接:https://www.wordfence.com/threat-intel/vulnerabilities/id/68dd9f6f-ccee-4a27-bd21-2fb32b92cc62?source=cve 来源:access.redhat.com 链接:https://access.redhat.com/security/cve/cve-2025-15403
微信扫码关注公众号
