- Description
- The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-862
- Hype score
- Not currently trending
CVE-2025-5701 WordPress HyperComments Plugin Unauthenticated Privilege Escalation in All Versions https://t.co/4Oo2oRQ2le
@VulmonFeeds
5 Jun 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vuln in HyperComments for WordPress (CVE-2025-5701): attackers can escalate privileges via missing auth checks. Patch now! Details: https://t.co/nROT4QKq1U #OffSeq #WordPress #CVE20255701 #infosec https://t.co/Yy3O6xa3rd
@offseq
5 Jun 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-5701: CRITICAL] Attention WordPress users! HyperComments plugin has a vulnerability (up to v1.2.2) allowing attackers to escalate privileges and gain admin access by modifying data. Update or remove ...#cve,CVE-2025-5701,#cybersecurity https://t.co/U5XtzeoLfB https://t.
@CveFindCom
5 Jun 2025
54 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes