Droip WordPress Plugin Missing Authorization Vulnerability in AJAX Hooks

Vulnerability

A vulnerability exists in the Droip plugin for WordPress, in all versions through 2.2.0, due to a lack of proper capability checks in the droip_post_apis() function. This flaw allows authenticated attackers with Subscriber-level access or higher to invoke the plugin's AJAX hooks and perform actions that should require greater privileges. Potential consequences include unauthorized deletion or creation of posts, duplication of posts, modification of settings, manipulation of users, and more.

Impact

Exploitation of this vulnerability could lead to unauthorized data modification, including arbitrary post deletion and creation, post duplication, settings changes, and user manipulation.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
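The bug class described above is a WordPress wp_ajax_* handler that only requires the caller to be logged in. The following is an added illustration with a hypothetical plugin action (demo_delete_post); it is not Droip's code and does not reproduce droip_post_apis(). It shows the weak pattern next to the hardened form that a plugin author should use: a nonce check plus a per-object capability check before any state change.

```php
<?php
// Added illustration of the missing-authorization pattern. Hypothetical
// plugin code ("demo_*" names are assumptions), not Droip's own code.

// WEAK pattern: wp_ajax_* fires for any authenticated user, so with no
// capability check a Subscriber can reach this handler and delete posts.
add_action( 'wp_ajax_demo_delete_post_unsafe', 'demo_delete_post_unsafe' );
function demo_delete_post_unsafe() {
    $post_id = absint( $_POST['post_id'] ?? 0 );
    wp_delete_post( $post_id, true );   // no nonce, no capability check
    wp_send_json_success( array( 'deleted' => $post_id ) );
}

// HARDENED pattern: verify the request origin (nonce) and the caller's
// capability for the specific object before acting.
add_action( 'wp_ajax_demo_delete_post', 'demo_delete_post_safe' );
function demo_delete_post_safe() {
    // Rejects the request (wp_die) unless the 'nonce' field is valid for this user.
    check_ajax_referer( 'demo_delete_post', 'nonce' );

    $post_id = absint( $_POST['post_id'] ?? 0 );
    if ( ! $post_id || ! get_post( $post_id ) ) {
        wp_send_json_error( 'invalid post', 400 );   // wp_send_json_error() exits
    }

    // 'delete_post' is a meta capability that WordPress maps to delete_posts /
    // delete_others_posts for this post; Subscribers do not pass it.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    wp_delete_post( $post_id, true );
    wp_send_json_success( array( 'deleted' => $post_id ) );
}

// The nonce is minted server-side and handed to the page script, e.g.:
// wp_localize_script( 'demo-js', 'demoAjax',
//     array( 'nonce' => wp_create_nonce( 'demo_delete_post' ) ) );
```

When auditing a plugin's AJAX surface, list every add_action('wp_ajax_...') callback and confirm each one calls current_user_can() with the capability appropriate to the operation, not merely is_user_logged_in().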

Added: Jul 25, 2025, 7:18 AM
Updated: Jul 25, 2025, 7:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.