Unauthorized Access Vulnerability in PGS Core WordPress Plugin
CVE-2025-0856

7.3HIGH

Key Information:

Vendor: WordPress
Status: Pgs Core
Vendor: CVE Published:; 6 May 2025

What is CVE-2025-0856?

The PGS Core plugin for WordPress is susceptible to unauthorized access and data manipulation due to insufficient capability checks in several functions. This flaw affects all versions up to and including 5.8.0, enabling unauthenticated malicious users to add, modify, or delete plugin options, potentially leading to data loss and integrity issues.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

PGS Core * <= 5.8.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
Jan 29, 2025

Credit

István Márton

JSON

WordPress