Privilege Escalation Vulnerability in WP Foodbakery Plugin for WordPress
CVE-2025-0181

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Foodbakery
Vendor: CVE Published:; 11 February 2025

Summary

The WP Foodbakery plugin for WordPress is susceptible to privilege escalation due to insufficient validation of user identities prior to setting the current user and their authentication cookie. This vulnerability enables unauthenticated attackers to exploit the flaw and gain unauthorized access to targeted user accounts, such as those of administrators, thereby compromising the security of the entire WordPress site.

Affected Version(s)

WP Foodbakery * <= 4.7

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://themeforest.net/item/food-bakery-restaurant-baker...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 11, 2025
Vulnerability Reserved
Jan 2, 2025

Credit

Tonn