cleantalk
Vulnerabilities and Security Researches

Supervisor, CVE-2025-11887

CVE, Research URL

CVE-2025-11887

Home page URL

Security reports for Supervisor

Application

Supervisor

Published on
Oct 24, 2025
Research Description
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update various plugin settings.
Affected versions
max 1.3.3.
Status
vulnerable
Previous vulnerability researches
WP Statistics (CVE-2025-9816) , Nov 10, 2025
WP Statistics , May 27, 2025
WP Statistics (CVE-2025-55716) , Aug 16, 2025
WP Statistics (CVE-2022-25149) , Jun 07, 2024
WP Statistics (CVE-2022-25307) , Jun 07, 2024
New vulnerability
Link Whisper Free (CVE-2025-62970) , Nov 10, 2025
AI ChatBot with ChatGPT and Content Generator by AYS (CVE-2025-62039) , Nov 10, 2025
Name: Print Button Shortcode (CVE-2025-11810) , Nov 10, 2025
Pagerank tools (CVE-2025-12416) , Nov 10, 2025
Advanced Database Cleaner (CVE-2025-11497) , Nov 10, 2025