cleantalk
Vulnerabilities and Security Researches

DominoKit, CVE-2025-12350

CVE, Research URL

CVE-2025-12350

Home page URL

Security reports for DominoKit

Application

DominoKit

Published on
Nov 04, 2025
Research Description
The DominoKit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint in all versions up to, and including, 1.1.0. This makes it possible for unauthenticated attackers to update plugin settings.
Affected versions
max 1.1.0.
Status
vulnerable
Previous vulnerability researches
SNORDIAN's H5PxAPIkatchu (CVE-2025-30821) , Apr 02, 2025
New vulnerability
Top Bar Notification (CVE-2025-12412) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7526) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7634) , Nov 10, 2025
Podlove Web Player (CVE-2025-62908) , Nov 10, 2025
Simple Content Templates for Blog Posts & Pages (CVE-2025-62958) , Nov 10, 2025