How severe is CVE-2025-14370?

CVE-2025-14370 has a CVSS v3 score of 5.3 (MEDIUM).

CVE-2025-14370

5.3MEDIUM

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin f

发布于: 1/7/2026更新于: 1/8/2026

描述

The Quote Comments plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.0.0. This is due to missing authorization checks in the quotecomments_add_admin function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary plugin options via the 'action' parameter.

AI分析AI驱动

参考资料

https://plugins.trac.wordpress.org/browser/quote-comments/tags/3.0.0/quote-comments.php#L309
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ebe0767-db22-4995-bdf1-5ebb48f960e9?source=cve