CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-39596

CVSS 9.8v3.1pub. 2025-04-17upd. 2026-04-23

Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation.This issue affects Quentn WP: from n/a through <= 1.2.8.

🤖 AI Analysis
How it works

The vulnerability results from improper implementation of authentication mechanisms in the Quentn WP plugin. Weak identity verification allows an external attacker—without possessing any credentials—to bypass access controls and obtain higher privileges within the WordPress application. The attack vector is network-based, does not require user interaction, or special environmental conditions.

Impact

An attacker can perform privilege escalation, potentially obtaining WordPress administrator privileges, leading to complete takeover of the website, including data theft, content modification, or malicious software installation.

Mitigation & patch

The Quentn WP plugin must be immediately updated to a version higher than 1.2.8. Details regarding the patch are available in the manufacturer's references and in the Patchstack database. If an update is not yet available, consider temporarily disabling the plugin.

Who is affected

Quentn WP plugin (quentn-wp) by Quentn.com GmbH in all versions from n/a to 1.2.8 inclusive, installed on WordPress websites.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References