CVE-2025-14064 | BuddyTask Plugin up to 1.3.0 on WordPress AJAX Endpoint authorization

December 11, 2025 Yanac

A vulnerability was found in BuddyTask Plugin up to 1.3.0 on WordPress and classified as critical. Affected is an unknown function of the component AJAX Endpoint. Such manipulation leads to missing authorization.

This vulnerability is documented as CVE-2025-14064. The attack can be executed remotely. There is not any exploit available.VulDB Recent EntriesRead More

CVE-2025-13972 | WatchTowerHQ Plugin up to 3.15.0 on WordPress handle_big_object_download_request wht_download_big_object_origin path traversal
CVE-2025-14170 | Vimeo SimpleGallery Plugin up to 0.2 on WordPress Setting vimeogallery_admin action authorization