Vulnerability Description
The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all versions up to, and including, 1.1.37. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset plugin settings to their default values.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/browser/easy-notify-lite/tags/1.1.37/inc/func
- https://plugins.trac.wordpress.org/browser/easy-notify-lite/trunk/inc/functions/
- https://plugins.trac.wordpress.org/changeset/3418678/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/f67ab0cf-340d-4234-a85
FAQ
What is CVE-2025-14446?
CVE-2025-14446 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Popup Builder (Easy Notify Lite) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the easynotify_cp_reset() function in all versions up ...
How severe is CVE-2025-14446?
CVE-2025-14446 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14446?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.