CVE-2025-10706P2HIGHCVSS 8.8≤ 1.0.142025-10-16
CVE-2025-10706 [HIGH] CWE-862 CVE-2025-10706: The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a mi
The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and including, 1.0.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins on the affected s
nvd