VYPR
Unrated severityNVD Advisory· Published Oct 16, 2024· Updated Apr 8, 2026No known patch

ARI-Adminer <= 1.1.14 - Missing Authorization and No Direct File Access Restrictions

CVE-2019-25215

Description

The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.