{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T14:38:23.932","vulnerabilities":[{"cve":{"id":"CVE-2025-14608","sourceIdentifier":"security@wordfence.com","published":"2026-02-14T04:15:56.643","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WP Last Modified Info plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.5. This is due to the plugin not validating a user's access to a post before modifying its metadata in the 'bulk_save' AJAX action. This makes it possible for authenticated attackers, with Author-level access and above, to update the last modified metadata and lock the modification date of arbitrary posts, including those created by Administrators via the 'post_ids' parameter."},{"lang":"es","value":"El plugin WP Last Modified Info para WordPress es vulnerable a Referencia Directa Insegura a Objeto en todas las versiones hasta la 1.9.5, inclusive. Esto se debe a que el plugin no valida el acceso de un usuario a una publicación antes de modificar sus metadatos en la acción AJAX 'bulk_save'. Esto hace posible que atacantes autenticados, con acceso de nivel Autor o superior, actualicen los metadatos de última modificación y bloqueen la fecha de modificación de publicaciones arbitrarias, incluyendo aquellas creadas por Administradores a través del parámetro 'post_ids'."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://github.com/iamsayan/wp-last-modified-info/commit/cb3586897c11c3cd55dd63b7ae963243a027c0be","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-last-modified-info/tags/1.9.5/inc/Core/Backend/EditScreen.php#L249","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/wp-last-modified-info/trunk/inc/Core/Backend/EditScreen.php#L249","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3450167/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/ca94c815-488f-4d86-a642-39d2de803763?source=cve","source":"security@wordfence.com"}]}}]}