Description
Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation. This issue affects Quentn WP: from n/a through <= 1.2.8.
Published: 2025-04-17
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in weak authentication handling within the Quentn WP plugin, which permits an attacker to elevate privileges on the WordPress site. This flaw, identified as CWE‑1390, allows a user with insufficient rights to acquire full administrative control, potentially leading to complete site compromise.

Affected Systems

The flaw affects the Quentn WP plugin from the initial release through version 1.2.8. Users running any version of the plugin up to and including 1.2.8 are vulnerable; no later versions are specified as affected.

Risk and Exploitability

The CVSS score of 9.8 reflects the high severity of the attack. The EPSS score is less than 1%, indicating a low probability of widespread exploitation at this time, and the vulnerability is not listed in the CISA KEV catalog. The description implies that the attack exploits weak or absent authentication checks, most likely through unauthenticated or poorly authenticated plugin endpoints. Once such an endpoint is reached, an attacker could modify settings, create users, and potentially hijack the entire WordPress installation.

Generated by OpenCVE AI on April 30, 2026 at 22:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Quentn WP plugin to the latest version (1.2.9 or newer) to remove the weak authentication flaw.
  • If the updated plugin is not immediately available, disable the plugin entirely to block the exploited entry points.
  • Ensure the WordPress core, theme, and all other plugins are kept up-to-date and limit administrative accounts to essential users only.



Advisories
Source: EUVD
ID: EUVD-2025-11760
Title: Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.
Added: Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation. This issue affects Quentn WP: from n/a through <= 1.2.8.
Title
Removed: WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability
Added: WordPress Quentn WP plugin <= 1.2.8 - Privilege Escalation Vulnerability
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Thu, 17 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 17 Apr 2025 16:00:00 +0000

Type Values Removed Values Added
Description Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.
Title WordPress Quentn WP <= 1.2.8 - Privilege Escalation Vulnerability
Weaknesses CWE-1390
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:36.100Z

Reserved: 2025-04-16T06:26:52.002Z

Link: CVE-2025-39596

Vulnrichment

Updated: 2025-04-17T17:43:02.821Z

NVD

Status: Deferred

Published: 2025-04-17T16:15:59.350

Modified: 2026-04-23T15:29:51.580

Link: CVE-2025-39596

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T22:30:02Z
