Devs CRM – Manage tasks, attendance and teams all together

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Devs CRM – Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to retrieve private user data, including password hashes.

Basic Information

ID CVE-2025-13092

Source Wordfence

Published Dec 13, 2025 at 04:31

Affected Product

Vendor ajitdas

Product Devs CRM – Manage tasks, attendance and teams all together

Version *

Affected Versions ajitdas Devs CRM – Manage tasks, attendance and teams all together *

CWE Classification

CWE-862

References

{
    "lastseen": "",
    "description": "The Devs CRM \u2013 Manage tasks, attendance and teams all together plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/devs-crm/v1/attendances REST API Endpoint in all versions up to, and including, 1.1.8. This makes it possible for unauthenticated attackers to retrieve private user data, including password hashes.",
    "published": "2025-12-13T04:31:32.532Z",
    "modified": "2025-12-13T04:31:32.532Z",
    "type": "cve",
    "title": "Devs CRM \u2013 Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c67c520d-4843-4ef1-8c96-cbf0eaab58cb?source=cve\nhttps://wordpress.org/plugins/devs-crm/",
    "id": "CVE-2025-13092",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "ajitdas Devs CRM \u2013 Manage tasks, attendance and teams all together *",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Devs CRM \u2013 Manage tasks, attendance and teams all together",
    "version": "*",
    "vendor": "ajitdas",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Devs CRM – Manage tasks, attendance and teams all together <= 1.1.8 - Unauthenticated Information Expsoure_CVE-2025-13092