How severe is CVE-2025-14370?

CVE-2025-14370 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-14370

5.3MEDIUM

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin f

게시됨: 1/7/2026업데이트됨: 1/8/2026

설명

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.

AI 분석AI 기반

참조

https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve