CVE-2025-14367 - WordPress Easy Theme Options Missing Authorization Vulnerability

CVE ID : CVE-2025-14367 Published : Dec. 13, 2025, 6:28 a.m. | 1 hour, 51 minutes ago Description : The Easy Theme Options plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0. This is due to missing authorization checks in the eto_import_settings function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import arbitrary plugin settings via the 'eto_import_settings' parameter. Severity: 5.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Source: Telegram CVE Monitor