WordPress Plugin Vulnerabilities

Simple Icons <= 2.8.4 - Missing Authorization

Description

The Popular Brand Icons – Simple Icons plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.8.4. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
simple-icons
No known fix

References

CVE
CVE-2025-31786
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/09fc03e4-0e83-4817-ab29-f45937c21f8e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
fc7a9c1f-a0b0-4b96-af43-a2048c8062e2

Timeline

Publicly Published
2025-04-01 (about 11 months ago)
Added
2025-04-08 (about 10 months ago)
Last Updated
2025-04-08 (about 10 months ago)

Other

Published
Title
Published
2026-01-07
Title
Re Gallery – Responsive Photo Gallery <= 1.17.19 - Missing Authorization
Published
2025-04-04
Title
WP Event Manager < 3.2.1 - Missing Authorization
Published
2026-01-18
Title
Sober <= 3.5.12 - Missing Authorization
Published
2025-09-26
Title
EmailKit < 1.6.1 - Missing Authorization to Authenticated (Author+) Arbitrary Content Deletion
Published
2025-06-09
Title
Membership For WooCommerce < 2.8.2 - Missing Authorization