{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T19:03:19.828","vulnerabilities":[{"cve":{"id":"CVE-2025-5835","sourceIdentifier":"security@wordfence.com","published":"2025-07-25T07:15:27.653","lastModified":"2026-04-08T19:24:23.407","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more."},{"lang":"es","value":"El complemento Droip para WordPress es vulnerable a modificaciones y accesos no autorizados a los datos debido a la falta de una comprobación de capacidad en la función droip_post_apis() en todas las versiones hasta la 2.2.0 incluida. Esto permite a atacantes autenticados, con acceso de suscriptor o superior, realizar numerosas acciones, ya que AJAX se conecta a varias funciones. Algunos posibles impactos incluyen la eliminación, creación y duplicación de publicaciones arbitrarias, la actualización de la configuración, la manipulación del usuario y mucho más."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:themeum:droip:*:*:*:*:*:wordpress:*:*","versionEndIncluding":"2.2.0","matchCriteriaId":"309A8C64-FCCF-4FBC-936E-766DEBDA6B88"}]}]}],"references":[{"url":"https://droip.com/","source":"security@wordfence.com","tags":["Product"]},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e6b451-9835-4887-ade7-b18807223a88?source=cve","source":"security@wordfence.com","tags":["Third Party Advisory"]}]}}]}