CVE-2025-13403 on 办公AI智能小助手 https://blog.qife122.com/tags/cve-2025-13403/ Recent content in CVE-2025-13403 on 办公AI智能小助手 Hugo zh-cn qife Sat, 13 Dec 2025 21:15:20 +0800 WordPress插件CVE-2025-13403授权漏洞分析:低权限用户可操控追踪设置 https://blog.qife122.com/p/wordpress%E6%8F%92%E4%BB%B6cve-2025-13403%E6%8E%88%E6%9D%83%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%BD%8E%E6%9D%83%E9%99%90%E7%94%A8%E6%88%B7%E5%8F%AF%E6%93%8D%E6%8E%A7%E8%BF%BD%E8%B8%AA%E8%AE%BE%E7%BD%AE/ Sat, 13 Dec 2025 21:15:20 +0800 https://blog.qife122.com/p/wordpress%E6%8F%92%E4%BB%B6cve-2025-13403%E6%8E%88%E6%9D%83%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90%E4%BD%8E%E6%9D%83%E9%99%90%E7%94%A8%E6%88%B7%E5%8F%AF%E6%93%8D%E6%8E%A7%E8%BF%BD%E8%B8%AA%E8%AE%BE%E7%BD%AE/ <h1 id="cve-2025-13403-emarket-design-employee-spotlight-wordpress插件中的cwe-862缺失授权漏洞">CVE-2025-13403: emarket-design Employee Spotlight WordPress插件中的CWE-862缺失授权漏洞</h1> <p><strong>严重性:</strong> 中等 <strong>类型:</strong> 漏洞 <strong>CVE编号:</strong> CVE-2025-13403</p> <h2 id="漏洞描述">漏洞描述</h2> <p>WordPress的“Employee Spotlight – Team Member Showcase &amp; Meet the Team”插件在5.1.3及之前的所有版本中存在漏洞,由于<code>employee_spotlight_check_optin()</code>函数缺少授权验证,导致未经授权的跟踪设置修改。这使得拥有订阅者(Subscriber)级别及以上访问权限的经过身份验证的攻击者能够启用或禁用跟踪设置。</p>