CVE-2025-8425
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-09-11
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | my_wp_translate | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the My WP Translate plugin for WordPress allows authenticated users with Subscriber-level access or higher to modify data without proper authorization. This happens because the ajax_import_strings() function lacks a capability check, enabling attackers to update arbitrary options on the site, including changing the default user role to administrator and enabling user registration. This can lead to attackers gaining administrative access to the WordPress site.
How can this vulnerability impact me? :
This vulnerability can allow attackers with low-level access to escalate their privileges to administrator by modifying site options. They can change the default registration role to administrator and enable user registration, effectively giving themselves or others full administrative control over the WordPress site. This can lead to complete site compromise, data loss, or unauthorized changes.