cleantalk
Vulnerabilities and Security Researches

Password Policy Manager | Password Manager, CVE-2025-11255

CVE, Research URL

CVE-2025-11255

Home page URL

Security reports for Password Policy Manager | Password Manager

Application

Password Policy Manager | Password Manager

Published on
Oct 25, 2025
Research Description
The Password Policy Manager | Password Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'moppm_ajax' AJAX endpoint in all versions up to, and including, 2.0.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log out the site's connection to miniorange.
Affected versions
max 2.0.6.
Status
vulnerable
Previous vulnerability researches
WP AdCenter – Ad Manager & Adsense Ads (CVE-2025-31860) , Apr 04, 2025
WP AdCenter – Ad Manager & Adsense Ads (CVE-2025-53278) , Jul 03, 2025
WP AdCenter – Ad Manager & Adsense Ads (CVE-2024-10113) , Nov 16, 2024
WP AdCenter – Ad Manager & Adsense Ads (CVE-2025-62984) , Nov 10, 2025
WP AdCenter – Ad Manager & Adsense Ads (CVE-2024-8317) , Sep 07, 2024
New vulnerability
Business Directory Plugin – Easy Listing Directories for WordPress (CVE-2025-64219) , Nov 10, 2025
WP-Lister Lite for eBay (CVE-2025-62881) , Nov 10, 2025
MDTF – Meta Data and Taxonomies Filter (CVE-2025-49907) , Nov 10, 2025
MDTF – Meta Data and Taxonomies Filter (CVE-2025-62964) , Nov 10, 2025
MDTF – Meta Data and Taxonomies Filter (CVE-2025-62069) , Nov 10, 2025