{"uuid": "9a19ccae-e2ce-437e-ad4d-89aeee48ba33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-5288", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18255", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-5288\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the process_handler() function in versions 1.0.0 to 2.0.3. This makes it possible for unauthenticated attackers to POST an arbitrary import_api URL, import specially crafted JSON, and thereby create a new user with full Administrator privileges.\n\ud83d\udccf Published: 2025-06-13T01:47:46.475Z\n\ud83d\udccf Modified: 2025-06-13T01:47:46.475Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/0e2774fc-f028-436c-a8af-3c17378b9743?source=cve\n2. https://plugins.trac.wordpress.org/browser/import-export-with-custom-rest-api/tags/2.0.3/backend/methods/wot-rapi-import-functions.php#L123\n3. https://wordpress.org/plugins/import-export-with-custom-rest-api/#developers", "creation_timestamp": "2025-06-13T02:34:13.000000Z"}