WordPress Features Plugin Missing Authorization Vulnerability in Option Reversion

Vulnerability

A missing authorization vulnerability exists in the Features plugin for WordPress, in versions through 0.0.2. The 'features_revert_option' AJAX endpoint lacks a proper capability check. As a result, authenticated attackers with Subscriber-level access and above can modify data without authorization by reverting options.
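
An added example, not the Features plugin's source: a WordPress AJAX handler with no capability check beside a hardened one. The hook name wp_ajax_features_revert_option is inferred from the endpoint name above; the example_* functions, option names, backup storage, the manage_options capability and the nonce field are assumptions.

```php
<?php
// Added illustration with hypothetical example_* names; not the plugin's code.

// Constructed allowlist of options this handler may revert (assumption).
function example_revertible_options() {
    return array('example_layout', 'example_color_scheme');
}

// Restore a saved previous value; the backup storage scheme is assumed.
function example_restore_previous_value($name) {
    $backups = get_option('example_option_backups', array());
    if (!is_array($backups) || !array_key_exists($name, $backups)) {
        return false;
    }
    update_option($name, $backups[$name]);
    return true;
}

// Pattern the advisory describes: wp_ajax_{action} fires for every logged-in
// user, so with no capability check a Subscriber reaches the state change.
// Shown for contrast only and deliberately left unregistered.
function example_revert_option_unchecked() {
    $name = sanitize_key(wp_unslash($_POST['option'] ?? ''));
    example_restore_previous_value($name);
    wp_send_json_success();
}

// Hardened form: authorize, verify the nonce, allowlist, then act.
add_action('wp_ajax_features_revert_option', 'example_revert_option_checked');
function example_revert_option_checked() {
    // Capability required to change site settings; wp_send_json_error() exits.
    if (!current_user_can('manage_options')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }
    // A capability check does not stop CSRF, so also require a nonce.
    check_ajax_referer('features_revert_option', 'nonce');

    $name = sanitize_key(wp_unslash($_POST['option'] ?? ''));
    if (!in_array($name, example_revertible_options(), true)) {
        wp_send_json_error(array('message' => 'Option not revertible'), 400);
    }
    if (!example_restore_previous_value($name)) {
        wp_send_json_error(array('message' => 'No saved value'), 404);
    }
    wp_send_json_success(array('reverted' => $name));
}
```

When auditing other plugins for the same class of flaw, look for wp_ajax_ callbacks that change state without calling current_user_can() before the write.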

Impact

Exploitation of this vulnerability could lead to unauthorized data modification, allowing attackers to revert options without proper authorization.

Added: Nov 5, 2025, 3:17 AM
Updated: Nov 5, 2025, 3:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.