cleantalk
Vulnerabilities and Security Researches

WP Last Modified Info, CVE-2025-14608

CVE, Research URL

CVE-2025-14608

Home page URL

Security reports for WP Last Modified Info

Application

WP Last Modified Info

Published on
Feb 14, 2026
Research Description
The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk_save' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to update the last modified metadata and lock the modification date of arbitrary posts, including those created by Administrators via the 'post_ids' parameter.
Affected versions
max 1.9.6.
Status
vulnerable
Previous vulnerability researches
Strong Testimonials (CVE-2024-47362) , Oct 03, 2024
Strong Testimonials (CVE-2025-7367) , Jul 15, 2025
Strong Testimonials (CVE-2025-14426) , Jan 28, 2026
Strong Testimonials (CVE-2023-6491) , Jun 09, 2024
Strong Testimonials (CVE-2025-11268) , Nov 10, 2025
New vulnerability
Remoji – Post/Comment Reaction and Enhancement (CVE-2026-25452) , Mar 30, 2026
Spa and Salon (CVE-2026-25374) , Mar 30, 2026
Poll | Vote | Contest – Best Poll Plugin for WordPress (CVE-2026-27044) , Mar 30, 2026
Podlove Web Player (CVE-2026-24385) , Mar 30, 2026
Latest Post Shortcode (CVE-2026-31916) , Mar 30, 2026