{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5814", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-06T16:14:55.840Z", "datePublished": "2025-06-07T04:22:07.365Z", "dateUpdated": "2026-04-08T17:09:20.507Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:09:20.507Z"}, "affected": [{"vendor": "switcorp", "product": "Profiler \u2013 What Slowing Down Your WP", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the \"Profiler\" page."}], "title": "Profiler \u2013 What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9213db60-c0c1-44a9-9b8c-621029c3a08f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/profiler-what-slowing-down/trunk/actions.php#L31"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n"}], "timeline": [{"time": "2025-06-06T16:15:42.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-09T15:11:45.653115Z", "id": "CVE-2025-5814", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:11:50.677Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5814", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-09T15:11:45.653115Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-09T15:11:47.386Z"}}], "cna": {"title": "Profiler \u2013 What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration", "credits": [{"lang": "en", "type": "finder", "value": "ch4r0n"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "switcorp", "product": "Profiler \u2013 What Slowing Down Your WP", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-06-06T16:15:42.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9213db60-c0c1-44a9-9b8c-621029c3a08f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/profiler-what-slowing-down/trunk/actions.php#L31"}], "descriptions": [{"lang": "en", "value": "The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the \"Profiler\" page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-06-07T04:22:07.365Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5814", "state": "PUBLISHED", "dateUpdated": "2025-06-09T15:11:50.677Z", "dateReserved": "2025-06-06T16:14:55.840Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-06-07T04:22:07.365Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Profiler \u2013 What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the \"Profiler\" page."}, {"lang": "es", "value": "El complemento Profiler \u2013 What Slowing Down Your WP para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de comprobaci\u00f3n de capacidad en la funci\u00f3n wpsd_plugin_control() en todas las versiones hasta la 1.0.0 incluida. Esto permite que atacantes no autenticados reactiven complementos previamente desactivados tras acceder a la p\u00e1gina \"Profiler\"."}], "id": "CVE-2025-5814", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-06-07T05:15:24.913", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/profiler-what-slowing-down/trunk/actions.php#L31"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9213db60-c0c1-44a9-9b8c-621029c3a08f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:23:32.173471+00:00", "value": {"mitigation_remediation": ["Upgrade the Profiler \u2013 What Slowing Down Your WP plugin to the latest release that includes the missing capability check.", "If an updated version is not available, immediately deactivate and remove the Profiler plugin from the site.", "As a temporary measure, restrict access to the Profiler page so that only authenticated administrators can view it, for example by adding a capability check or using an access control plugin."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Plugin Reactivation"}, "threat_synthesis": {"affected_systems": "This issue affects the Switcorp Profiler \u2013 What Slowing Down Your WP plugin for WordPress, specifically all versions up to 1.0.0. Owners of sites using this plugin should review the plugin version in use and note that the security flaw is present in these releases.", "description_and_impact": "The Profiler \u2013 What Slowing Down Your WP plugin contains a missing authorization check in the wpsd_plugin_control() function in all releases up to and including 1.0.0. Because of this, anyone able to reach the Profiler page can reactivate plugins that have been previously disabled without needing to be logged in. This unexpected ability to alter the active plugin set exposes the site to potential integrity or availability problems, especially if a reactivated plugin has its own vulnerabilities or exploits.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate risk, while the EPSS score of less than 1% suggests that the vulnerability is unlikely to be exploited at present. The flaw is not listed in CISA KEV, further indicating limited reported exploitation. An attacker would need only browser access to the Profiler page to trigger the vulnerability, implying a web-based attack vector that bypasses authentication. Once a plugin is reactivated, additional risks may arise depending on the plugin\u2019s own security posture."}}}}, "created": "2026-04-21T20:30:27.400364+00:00", "updated": "2026-04-21T20:30:27.400373+00:00", "vendors": []}