CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-5953

The WP Human Resource Management plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the ajax_insert_employee() and update_empoyee() functions in versions 2.0.0 through 2.2.17. The AJAX handler reads the client-supplied $_POST['role'] and, after basic cleaning via hrm_clean(), passes it directly to wp_insert_user() and later to $user->set_role() without verifying that the current user is allowed to assign that role. This makes it possible for authenticated attackers, with Employee-level access and above, to elevate their privileges to administrator.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.5%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2025-5953

Mishubd » Wp Human Resource Management » Version: 2.0.1

cpe:2.3:a:mishubd:wp_human_resource_management:2.0.1
Mishubd » Wp Human Resource Management » Version: 2.1.0

cpe:2.3:a:mishubd:wp_human_resource_management:2.1.0
Mishubd » Wp Human Resource Management » Version: 2.1.1

cpe:2.3:a:mishubd:wp_human_resource_management:2.1.1
Mishubd » Wp Human Resource Management » Version: 2.1.2

cpe:2.3:a:mishubd:wp_human_resource_management:2.1.2
Mishubd » Wp Human Resource Management » Version: 2.1.3

cpe:2.3:a:mishubd:wp_human_resource_management:2.1.3
Mishubd » Wp Human Resource Management » Version: 2.2.0

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.0
Mishubd » Wp Human Resource Management » Version: 2.2.1

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.1
Mishubd » Wp Human Resource Management » Version: 2.2.10

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.10
Mishubd » Wp Human Resource Management » Version: 2.2.11

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.11
Mishubd » Wp Human Resource Management » Version: 2.2.12

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.12
Mishubd » Wp Human Resource Management » Version: 2.2.2

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.2
Mishubd » Wp Human Resource Management » Version: 2.2.3

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.3
Mishubd » Wp Human Resource Management » Version: 2.2.4

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.4
Mishubd » Wp Human Resource Management » Version: 2.2.5

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.5
Mishubd » Wp Human Resource Management » Version: 2.2.6

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.6
Mishubd » Wp Human Resource Management » Version: 2.2.7

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.7
Mishubd » Wp Human Resource Management » Version: 2.2.8

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.8
Mishubd » Wp Human Resource Management » Version: 2.2.9

cpe:2.3:a:mishubd:wp_human_resource_management:2.2.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-5953

Products

Pricing

Contact Us