Vchasno Kasa, CVE-2025-6720

CVE, Research URL: CVE-2025-6720
Home page URL: Security reports for Vchasno Kasa
Application: Vchasno Kasa
Published on: Jul 19, 2025
Research Description: The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files.
Affected versions: Min -, max 1.0.4.
Status: vulnerable