cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forimport-export-with-custom-rest-api import-export-with-custom-rest-api

Direction: ascending
Jun 15, 2025

REST API | Custom API Generator For Cross Platform And Import Export In WP # CVE-2025-5288

CVE, Research URL

CVE-2025-5288

Home page URL

Security reports for REST API | Custom API Generator For Cross Platform And Import Export In WP

Application

REST API | Custom API Generator For Cross Platform And Import Export In WP

Date
Jun 13, 2025
Research Description
The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.
Affected versions
Min -, max -.
Status
vulnerable