CVE-2025-0180

Published Feb 11, 2025

Last updated 2 months ago

CVSS critical 9.8

Overview

Description
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security@wordfence.com
CWE-269

Social media

Hype score
Not currently trending

  1. CVE-2025-0180 (CVSS:9.8, CRITICAL) is Awaiting Analysis. The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. ..https://t.co/mbuWtNkvFd #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    16 Feb 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2025-0180 ⚠️🔴 CRITICAL (9.8) 🏢 Chimpstudio - WP Foodbakery 🏗️ * 🔗 https://t.co/WpZ7fvRGSI 🔗 https://t.co/goPPOZ5LOv #CyberCron #VulnAlert https://t.co/tRRDOC7xLi

    @cybercronai

    12 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-0180 WordPress WP Foodbakery Plugin Unauthenticated Privilege Escalation to Administrator https://t.co/VrXxYIZ1Dv

    @VulmonFeeds

    11 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-0180 The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3. This is due to the plugin not properly restricti… https://t.co/wSSv4q6nCj

    @CVEnew

    11 Feb 2025

    423 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [CVE-2025-0180: CRITICAL] WordPress Foodbakery plugin v3.3 and below is vulnerable to privilege escalation due to unrestricted user meta updates, allowing unauthorized admin registrations. #cybersecurity#cybersecurity,#vulnerability https://t.co/f2DfRRW0Y3 https://t.co/jor8zedvYs

    @CveFindCom

    11 Feb 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References