CVE-2025-6720

{"id": "CVE-2025-6720", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-07-19T06:15:24.127", "references": [{"url": "https://plugins.trac.wordpress.org/browser/mrkv-vchasno-kasa/trunk/classes/mrkv-setup.php#L245", "source": "security@wordfence.com"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3328827%40mrkv-vchasno-kasa&new=3328827%40mrkv-vchasno-kasa&sfp_email=&sfph_mail=", "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd03483a-f46c-4e17-8b58-df87b0ad7fa3?source=cve", "source": "security@wordfence.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files."}, {"lang": "es", "value": "El complemento Vchasno Kasa para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a la falta de comprobaci\u00f3n de la funci\u00f3n clear_all_log() en todas las versiones hasta la 1.0.3 incluida. Esto permite que atacantes no autenticados borren los archivos de registro."}], "lastModified": "2025-07-22T13:06:07.260", "sourceIdentifier": "security@wordfence.com"}