Responsive Plus < 3.2.1 – Missing Authorization | CVE 2025-48335 | Plugin Vulnerabilities

Description

The Responsive Plus – Starter Templates, Advanced Features and Customizer Settings for Responsive Theme. plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the import_sites() function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to import site data.

Affects Plugins

responsive-add-ons

Fixed in 3.2.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e35dcd3a-651e-4984-8362-95503ff8c546

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

domiee13

Verified

No

WPVDB ID

1152c0db-b3ff-43fa-aaa3-bd33916f2cb1

Timeline

Publicly Published

2025-05-29 (about 1 year ago)

Added

2025-06-02 (about 1 year ago)

Last Updated

2025-06-02 (about 1 year ago)

Other

Published

Title

Published

2025-06-05

Title

Trinity Audio < 5.20.1 - Missing Authorization

Published

2024-02-19

Title

Oliver POS < 2.4.2.1 - Subscriber+ Unauthorized AJAX Calls

Published

2022-09-15

Title

Awesome Filterable Portfolio <= 1.9.7 - Unauthenticated Settings Update

Published

2024-09-16

Title

WooCommerce Multilingual & Multicurrency < 5.3.7 - Missing Authorization

Published

2025-11-29

Title

ConveyThis < 269.3 - Missing Authorization