Unauthorized Access Vulnerability in PGS Core WordPress Plugin
CVE-2025-0856

7.3HIGH

Key Information:

Vendor: WordPress
Status: Pgs Core
Vendor: CVE Published:; 6 May 2025

What is CVE-2025-0856?

The PGS Core plugin for WordPress is susceptible to unauthorized access and data manipulation due to insufficient capability checks in several functions. This flaw affects all versions up to and including 5.8.0, enabling unauthenticated malicious users to add, modify, or delete plugin options, potentially leading to data loss and integrity issues.

Affected Version(s)

PGS Core * <= 5.8.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://docs.potenzaglobalsolutions.com/docs/ciyashop-wp/...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2025
Vulnerability Reserved
Jan 29, 2025

Credit

István Márton