AnnunciFunebri Impresa WordPress Plugin Data Modification Vulnerability

Vulnerability

A vulnerability exists in the AnnunciFunebri Impresa WordPress plugin, all versions through 4.7.0, that allows authenticated users with Subscriber-level access or higher to delete all plugin options. The cause is a missing capability check in the 'annfu_reset_options()' function, which lets such users remove the plugin's data without authorization and reset the plugin to its default state.

Impact

Exploitation of this vulnerability allows for arbitrary deletion of plugin options, potentially disrupting the functionality of the AnnunciFunebri Impresa plugin by resetting its configuration.

Reproduction

To reproduce this vulnerability, an authenticated user with Subscriber-level access or higher can trigger the 'annfu_reset_options()' function, which lacks proper authorization checks. This can be done by sending a request that includes the '_reset' parameter, prompting the function to delete all 29 plugin options.
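The missing check described above, shown next to a hardened form. This is an added example, not the plugin's source: the function names, option names, nonce action and the 'admin_init' hook are assumptions for illustration, and only the '_reset' parameter comes from this advisory.

```php
<?php
// Added example with hypothetical names; not code from AnnunciFunebri Impresa.
// Constructed option list: the advisory says 29 options exist but does not name them.
const ANNFU_EXAMPLE_OPTIONS = array( 'annfu_example_option_a', 'annfu_example_option_b' );

// Pattern the advisory describes: the presence of '_reset' is the only
// condition, so any logged-in role that reaches this code resets the plugin.
// Shown for comparison only and deliberately not hooked.
function annfu_example_reset_unchecked() {
    if ( isset( $_REQUEST['_reset'] ) ) {
        foreach ( ANNFU_EXAMPLE_OPTIONS as $name ) {
            delete_option( $name );
        }
    }
}

// Hardened form: authorize the caller, then verify intent, then delete.
function annfu_example_reset_checked() {
    if ( ! isset( $_REQUEST['_reset'] ) ) {
        return;
    }

    // Capability check: Subscribers do not hold 'manage_options'.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to reset these settings.', '', array( 'response' => 403 ) );
    }

    // Nonce check: rejects forged requests made through an administrator's
    // browser. The settings form must emit the matching field with
    // wp_nonce_field( 'annfu_example_reset', 'annfu_example_nonce' ).
    check_admin_referer( 'annfu_example_reset', 'annfu_example_nonce' );

    foreach ( ANNFU_EXAMPLE_OPTIONS as $name ) {
        delete_option( $name );
    }
}

// Assumption: the handler runs on 'admin_init'. That hook fires for every
// logged-in user who loads a wp-admin page, so the hook alone is not an
// authorization boundary; the checks inside the callback are.
add_action( 'admin_init', 'annfu_example_reset_checked' );
```

The capability check and the nonce check cover different failures: the first stops low-privileged accounts, the second stops cross-site requests that ride on an administrator's session.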

Added: Dec 13, 2025, 5:00 PM
Updated: Dec 13, 2025, 5:00 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.3
remediation: 0.0
relevance: 1.4
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.