How severe is CVE-2025-14370?

CVE-2025-14370 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-14370

5.3MEDIUM

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin f

公開日: 1/7/2026更新日: 1/8/2026

説明

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.

AI分析AIによる分析

参照

https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve