CVE-2025-53345
Description
Thim Core plugin versions up to 2.3.3 are vulnerable to arbitrary code execution due to missing authorization, allowing attackers to run malicious code on a site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Thim Core plugin versions up to 2.3.3 are vulnerable to arbitrary code execution due to missing authorization, allowing attackers to run malicious code on a site.
Vulnerability
A missing authorization vulnerability exists in the ThimPress Thim Core plugin for WordPress, affecting versions up to and including 2.3.3. This vulnerability can be triggered after a malicious, vulnerable plugin is installed.
Exploitation
An attacker can exploit this vulnerability by installing a malicious plugin. The exact steps and required privileges for exploitation are not detailed in the available references, but it is expected to be used in mass-exploit campaigns.
Impact
Successful exploitation allows a malicious actor to remotely execute arbitrary code on the affected website. This could lead to a full compromise of the site.
Mitigation
Users should update the Thim Core plugin to a version later than 2.3.3. If an immediate update is not possible, users are advised to seek assistance from their hosting provider or web developer. The fixed version is not explicitly stated, but updating is the recommended action [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
1- WordPress: 25 Vulnerabilities Disclosed Together on June 2, 2026Vypr Intelligence · Jun 2, 2026