CVE Details
Basic Information
| Title | Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration |
|---|---|
| Type | cve |
| Published | 2025-06-07T04:22:07.365Z |
| Last Seen |
Product Information
| Vendor | switcorp |
|---|---|
| Product | Profiler – What Slowing Down Your WP |
| Version | * |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The Profiler – What Slowing Down Your WP plugin for WordPress has a vulnerability that allows unauthenticated attackers to reactivate previously deactivated plugins. This is due to a missing capability check in the plugin’s code. The vulnerability affects all versions up to and including 1.0.0. |
|---|---|
| AI Severity | Medium |
| Vendor | switcorp |
| Product | Profiler – What Slowing Down Your WP |
| Affected Version | <= 1.0.0 |
Affected Products
- switcorp Profiler – What Slowing Down Your WP *
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-862 |
| Bulletin Family |
References
Description
The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the “Profiler” page.