Takeads WordPress Plugin Authorization Bypass Vulnerability Allowing Configuration Deletion

Vulnerability

A vulnerability exists in the Takeads plugin for WordPress, specifically in versions through 1.0.13, allowing authorization bypass. The plugin fails to adequately verify user permissions, enabling authenticated attackers with subscriber-level access or higher to delete the plugin's configuration options.

Impact

Exploitation of this vulnerability allows for unauthorized deletion of the plugin's configuration settings.

Added: Dec 5, 2025, 6:41 AM

Updated: Dec 5, 2025, 6:41 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

1.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

0.0

relevance

1.3

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Takeads WordPress Plugin Authorization Bypass Vulnerability Allowing Configuration Deletion

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating