Checkbox WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Log Clearing
Vulnerability
A vulnerability exists in the Checkbox plugin for WordPress, specifically in versions through 2.8.10. The issue arises from a lack of proper capability checks on the 'wp_ajax_nopriv_checkbox_clean_log' AJAX endpoint, allowing unauthenticated users to clear log files. This vulnerability leads to unauthorized data loss.
Impact
Exploitation of this vulnerability allows for unauthorized clearing of log files, potentially leading to loss of important activity or error records.
Remediation
Users can update to version 2.8.11 or a newer patched version to address this vulnerability.
Added: Nov 21, 2025, 8:30 AM
Updated: Nov 21, 2025, 4:03 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
0.0exploitability
8.1remediation
7.7relevance
1.1threat
3.2urgency
2.9incentive
5.8Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.