Vulnerabilities

CVE-2025-14043 - Tainacan <= 1.0.1 - missing authorization to unauthenticated arbitrary metadata ...

2025-12-21 0 views admin

CVE ID : CVE-2025-14043 Published : Dec. 21, 2025, 2:20 a.m. | 44 minutes ago Description : The Tainacan plugin for WordPress is vulnerable to unauthorized metadata section creation due to missing authorization checks in all versions up to, and including, 1.0.1. This is due to the `create_item_permissions_check()` function unconditionally returning true, which bypasses authentication and authorization validation. This makes it possible for unauthenticated attackers to create arbitrary metadata sections for any collection via the public REST API granted they can access the WordPress site. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14043

Published

Dec. 21, 2025

Affected Product: WordPress

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14043wordpress

CVE-2025-14043 - Tainacan <= 1.0.1 - missing authorization to unauthenticated arbitrary metadata ...

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-15003 - SeaCMS admin_video.php sql injection

CVE-2025-15006 - Tenda WH450 HTTP Request CheckTools stack-based overflow

CVE-2025-15004 - DedeCMS freelist_main.php sql injection

CVE-2025-15005 - CouchCMS reCAPTCHA config.example.php hard-coded key

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting