How severe is CVE-2025-14370?

CVE-2025-14370 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-14370

5.3MEDIUM

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin f

Publicado: 1/7/2026Actualizado: 1/8/2026

Descripción

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.

Análisis IAImpulsado por IA

Referencias

https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve