Primary

Context

DominoKit WordPress Plugin Missing Authorization Vulnerability in Settings Update

Vulnerability

A vulnerability exists in the DominoKit plugin for WordPress, all versions through 1.1.0, due to a lack of proper capability checks on the wp_ajax_nopriv_dominokit_option_admin_action AJAX endpoint. This flaw allows unauthenticated attackers to modify plugin settings.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in plugin settings, potentially allowing attackers to manipulate the plugin's behavior or functionality.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.

Added: Nov 4, 2025, 5:39 AM

Updated: Nov 4, 2025, 5:39 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

DominoKit WordPress Plugin Missing Authorization Vulnerability in Settings Update

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating