← Retour aux CVEs

CVE-2025-6380

CRITICAL

9.8

Description

The ONLYOFFICE Docs plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within its oo.callback REST endpoint in versions 1.1.0 to 2.2.0. The plugin’s permission callback only verifies that the supplied, encrypted attachment ID maps to an existing attachment post, but does not verify the requester’s identity or capabilities. This makes it possible for unauthenticated attackers to log in as an arbitrary user.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie7/24/2025

Derniere modification7/25/2025

Sourcenvd

Observations honeypot0

Faiblesses (CWE)

CWE-862

References

https://plugins.trac.wordpress.org/browser/onlyoffice/tags/2.2.0/public/class-onlyoffice-plugin-public.php#L111(security@wordfence.com)

https://plugins.trac.wordpress.org/browser/onlyoffice/tags/2.2.0/public/views/class-onlyoffice-plugin-callback.php#L57(security@wordfence.com)

https://wordpress.org/plugins/onlyoffice/#developers(security@wordfence.com)

https://www.wordfence.com/threat-intel/vulnerabilities/id/608b0506-074b-4df3-8c30-57cfb090f553?source=cve(security@wordfence.com)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.