cleantalk
Vulnerabilities and Security Researches

WP VR – 360 Panorama and Virtual Tour Builder For WordPress, CVE-2025-12005

CVE, Research URL

CVE-2025-12005

Home page URL

Security reports for WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Application

WP VR – 360 Panorama and Virtual Tour Builder For WordPress

Published on
Oct 25, 2025
Research Description
The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to unauthorized access of data in all versions up to, and including, 8.5.41. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with contributor level access and above, to modify sensitive plugin options.
Affected versions
max 8.5.42.
Status
vulnerable
Previous vulnerability researches
Post Grid for Elementor & Product Grid | PowerGrids (513b8cac04964f7c742c50353b32f41d519b21a5) , Jun 07, 2024
New vulnerability
Backup and Move Plugin (CVE-2025-53246) , Nov 11, 2025
SEO Pyramid (CVE-2025-53427) , Nov 11, 2025
ViaAds (CVE-2025-12070) , Nov 11, 2025
WP Guppy Lite – A live chat plugin for WordPress (CVE-2025-49910) , Nov 11, 2025
Email Template Customizer for WooCommerce (CVE-2025-64200) , Nov 11, 2025