CVE-2025-9321
🚨 CRITICALThe WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function...
Description
Request Expert ReviewThe WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code.
CVSS Scores
References
Additional Information
- Source
- security@wordfence.com
- State
- Awaiting analysis
Related CVEs
CVE-2025-13161
HIGHIQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relati...
CVE-2025-13160
MEDIUMIQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to a...
CVE-2025-12904
HIGHThe SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up...
CVE-2025-64530
HIGHApollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composi...
CVE-2025-64753
MEDIUMgrist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints li...
CVE-2025-64752
MEDIUMgrist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for f...
Share CVE-2025-9321
Share on Social Media
Copy Link
Embed Code
Request Expert Analysis
Request a professional security analysis for CVE-2025-9321 from our verified experts.
Credits System
Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!