Vulnerabilities and security researches forwebcake webcake

Dec 11, 2025

CVE, Research URL: CVE-2025-12165
Home page URL: Security reports for Webcake – Landing Page Builder
Application: Webcake – Landing Page Builder
Date: Dec 05, 2025
Research Description: The Webcake – Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'webcake_save_config' AJAX endpoint in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings.
Affected versions: max 1.1.
Status: vulnerable