CVE-2025-53345— WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability
Possible ATT&CK Techniques 1AI
T1078 · Valid AccountsGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-53345
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This issue affects Thim Core: from n/a through 2.3.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制缺失
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2025-53345
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-53345
请登录查看更多情报信息。
News Coverage for CVE-2025-53345 (1)
IV. Related Vulnerabilities
Same vendor: ThimPress
- CVE-2025-53346
WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control - CVE-2026-48865
WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site - CVE-2026-7648
LearnPress – WordPress LMS Plugin for Create and Sell Online - CVE-2026-4650
FundPress <= 2.0.8 - Missing Authorization to Unauthenticate - CVE-2026-4365
LearnPress <= 4.3.2.8 - Missing Authorization to Unauthentic
Same weakness: CWE-862
- CVE-2026-49782
WordPress Elementor Website Builder plugin <= 4.1.0 - Broken - CVE-2026-27351
WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control v - CVE-2026-42670
WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - CVE-2026-42669
WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Contr - CVE-2025-53346
WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control
V. Comments for CVE-2025-53345
No comments yet