CVE-2025-0181

CRITICAL Year: 2025
CVSS v3 Score
9.8
Critical
Weakness Type
CWE-288
View all →

Vulnerability Description

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account.

Related Vulnerabilities

CVE-2017-5174

CRITICAL
CVSS:9.8(Critical)

An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architectur...

CWE-2882017

CVE-2017-9944

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticate...

CWE-2882017

CVE-2018-17918

CRITICAL
CVSS:9.8(Critical)

Circontrol CirCarLife all versions prior to 4.3.1, authentication to the device can be bypassed by entering the URL of a specific page.

CWE-2882018

CVE-2018-4852

CRITICAL
CVSS:9.8(Critical)

A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to the device could potentially circumvent the authentication mech...

CWE-2882018

CVE-2018-8859

CRITICAL
CVSS:9.8(Critical)

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specifi...

CWE-2882018

CVE-2019-18250

CRITICAL
CVSS:9.8(Critical)

In all versions of ABB Power Generation Information Manager (PGIM) and Plant Connect, the affected product is vulnerable to authentication bypass, which may allow an attacker to remotely bypass authen...

CWE-2882019