Security Advisory

CVE-2025-6813

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-18 04:23:00

Last updated 2025-07-18 13:47:18

Assigner Wordfence

State PUBLISHED

Description

The aapanel WP Toolkit plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within the auto_login() function in versions 1.0 to 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to bypass all role checks and gain full admin privileges.

← Browse all CVEs View on cve.org ↗