|
|
|||
| Rule General Information |
|---|
| Release Date: | 2025-08-19 | |
| Rule Name: | WordPress plugin Spreadsheet Price Changer Privilege Escalation Vulnerability (CVE-2025-48129) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blog platform developed in PHP. It supports the setup of personal blog websites on servers running PHP and MySQL.Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. | |
| Impact: | An unauthenticated attacker can create administrative-level accounts to elevate privileges without requiring any prior access permissions. This allows the attacker to gain full control over the WordPress website. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | https://patchstack.com/database/wordpress/plugin/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/vulnerability/wordpress-spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-2-4-37-privilege-escalation-vulnerability?_s_id=cve |
|
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |