Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
Fixes

Solution

Update the WordPress Custom API for WP plugin to the latest available version (at least 4.2.3).


Workaround

No workaround given by the vendor.

History

Tue, 26 Aug 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 Aug 2025 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Wed, 20 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
Title WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 9.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2025-08-26T18:52:06.023Z

Reserved: 2025-07-16T08:52:07.076Z

Link: CVE-2025-54049

cve-icon Vulnrichment

Updated: 2025-08-20T15:13:32.052Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-20T08:15:47.960

Modified: 2025-08-20T14:39:07.860

Link: CVE-2025-54049

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-21T12:31:22Z