CVE-2025-0181
WP Foodbakery <= 4.7 - Authentication Bypass in foodbakery_parse_request
Public Exploits: 0
Exploited in Wild: -
Descriptions
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.
SSVC
- Decision: Attend
Timeline
- 2025-01-02 CVE Reserved
- 2025-02-10 CVE Published
- 2025-02-12 EPSS Updated
- 2025-02-28 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-288: Authentication Bypass Using an Alternate Path or Channel
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Chimpstudio | WP Foodbakery | <= 4.7 | en | Affected |