cleantalk
Vulnerabilities and Security Researches

WP VR – 360 Panorama and Virtual Tour Builder For WordPress, CVE-2025-12005

CVE, Research URL

CVE-2025-12005

Home page URL

Security reports for WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Application

WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Published on
Oct 25, 2025
Research Description
The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 8.5.41. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor level access and above, to modify sensitive plugin options.
Affected versions
max 8.5.42.
Status
vulnerable
Previous vulnerability researches
Lazy Load Optimizer (CVE-2025-60074) , Nov 10, 2025
New vulnerability
UNIVERSAM (CVE-2025-60238) , Nov 11, 2025
Microsoft Start (CVE-2025-62931) , Nov 11, 2025
Contact Form by Supsystic (CVE-2025-52753) , Nov 11, 2025
Post Connector (CVE-2025-52741) , Nov 11, 2025
Flights & Hotels Booking WP Plugin (CVE-2025-62916) , Nov 11, 2025