CVE-2025-5814 MEDIUM

CVE-2025-5814: Profiler – What Slowing Down Your WP <= 1.0.0 - Missing Authentication to Unauthenticated Arbitrary Plugin Reactivation via State Restoration

Vendor Switcorp
Product Profiler – What Slowing Down Your WP
Weakness CWE-862 · Missing authorization
Published June 7, 2025
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

The Profiler – What Slowing Down Your WP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpsd_plugin_control() function in all versions up to, and including, 1.0.0. This makes it possible for unauthenticated attackers to reactivate previously deactivated plugins after accessing the "Profiler" page.

Key dates

02Disclosure timeline

June 7, 2025 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-33923 Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes CVE-2026-32565 WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability CVE-2024-5468 WordPress Header Builder Plugin – Pearl <= 1.3.7 - Missing Authorization to Unauthenticated Arbitrary Site Options Deletion CVE-2024-10330 Improper Access Control in lunary-ai/lunary CVE-2025-9331 Spacious <= 1.9.11 - Missing Authorization to Autheticated (Subscriber+) Demo Data Import