Vulnerabilities and security researches foreasy-theme-options easy-theme-options

Jan 10, 2026

CVE, Research URL: CVE-2025-14367
Home page URL: Security reports for Easy Theme Options
Application: Easy Theme Options
Date: Dec 13, 2025
Research Description: The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the eto_import_settings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import arbitrary plugin settings via the 'eto_import_settings' parameter.
Affected versions: max 1.0.
Status: vulnerable