CVE-2025-54049: WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability
Published Aug 20, 2025
·Updated
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2.
Affected Software
1 affected component
miniOrange Custom API for WP<=4.2.2
Remediation
Information
Update the WordPress Custom API for WP plugin to the latest available version (at least 4.2.3).
Event History
Aug 20, 2025
CVE Published
via MITRE·08:02 AM
Data Sourced
via MITRE·08:02 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·08:15 AM
DescriptionSeverityWeakness
Frequently Asked Questions
1
What is the severity of CVE-2025-54049?
CVE-2025-54049 has a high severity level due to its potential for privilege escalation.
2
How do I fix CVE-2025-54049?
To fix CVE-2025-54049, update the miniOrange Custom API for WP plugin to version 4.2.3 or later.
3
What systems are affected by CVE-2025-54049?
CVE-2025-54049 affects miniOrange Custom API for WP versions up to and including 4.2.2.
4
What type of vulnerability is CVE-2025-54049?
CVE-2025-54049 is classified as an Incorrect Privilege Assignment vulnerability.
5
Can CVE-2025-54049 lead to data exposure?
Yes, CVE-2025-54049 can potentially lead to unauthorized access and data exposure through privilege escalation.