Droip
CVE-2025-5835
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
The Droip plugin for WordPress is vulnerable to unauthorized modification and access of data due to a missing capability check on the droip_post_apis() function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform many actions as the AJAX hooks to several functions. Some potential impacts include arbitrary post deletion, arbitrary post creation, post duplication, settings update, user manipulation, and much more.
AnalysisAI
Missing authorization in Droip plugin for WordPress (all versions ≤2.2.6) allows authenticated attackers with Subscriber-level privileges to manipulate content and settings via droip_post_apis() AJAX handler. Exploitable actions include arbitrary post deletion/creation, post duplication, settings modification, and user account manipulation. Requires only low-privilege authenticated access (PR:L) for high-impact compromise of confidentiality, integrity, and availability (CVSS 8.8). No public exploit identified at time of analysis.
Technical ContextAI
Root cause is CWE-862 missing capability check in droip_post_apis() function, enabling low-privileged subscribers to invoke AJAX hooks that bypass WordPress role-based access controls. Function acts as gateway to privileged operations without validating user permissions, violating principle of complete mediation for administrative actions.
RemediationAI
Update to Droip version 2.2.7 or later if available from vendor. Verify patch implementation by testing that subscriber-level accounts cannot access administrative AJAX endpoints. If patched version not yet released, temporarily deactivate the Droip plugin until vendor releases security update. Monitor vendor advisory at https://droip.com/ for official patch announcements. Audit existing installations for unauthorized post modifications, deletions, or user account changes performed by low-privileged accounts. Review Wordfence intelligence at https://www.wordfence.com/threat-intel/vulnerabilities/id/e2e6b451-9835-4887-ade7-b18807223a88?source=cve for additional technical details and indicators of compromise. Implement defense-in-depth by restricting subscriber account creation and reviewing role assignments.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today