https://blog.qife122.com/tags/cve-2025-13741/ Recent content in CVE-2025-13741 on 办公AI智能小助手 Hugo zh-cn qife Fri, 09 Jan 2026 14:41:26 +0800 https://blog.qife122.com/p/wordpress%E6%8F%92%E4%BB%B6cve-2025-13741%E6%8E%88%E6%9D%83%E7%BC%BA%E5%A4%B1%E5%AF%BC%E8%87%B4%E7%94%A8%E6%88%B7%E9%82%AE%E7%AE%B1%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ Fri, 09 Jan 2026 14:41:26 +0800 https://blog.qife122.com/p/wordpress%E6%8F%92%E4%BB%B6cve-2025-13741%E6%8E%88%E6%9D%83%E7%BC%BA%E5%A4%B1%E5%AF%BC%E8%87%B4%E7%94%A8%E6%88%B7%E9%82%AE%E7%AE%B1%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90/ <h1 id="cve-2025-13741-cwe-862-在publishpress-future插件中缺失授权">CVE-2025-13741: CWE-862 在PublishPress Future插件中缺失授权</h1> <p><strong>严重性</strong>: 中危 <strong>类型</strong>: 漏洞</p> <h2 id="cve-2025-13741">CVE-2025-13741</h2> <p>WordPress插件&quot;Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories&quot;在所有版本（包括4.9.2及之前版本）中存在因<code>getAuthors</code>函数缺少能力检查而导致数据被未授权访问的漏洞。这使得拥有贡献者级别及以上权限的已验证攻击者能够检索所有具有<code>edit_posts</code>能力用户的电子邮件。</p>