Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation.This issue affects Quentn WP: from n/a through <= 1.2.8.
The vulnerability results from improper implementation of authentication mechanisms in the Quentn WP plugin. Weak identity verification allows an external attacker—without possessing any credentials—to bypass access controls and obtain higher privileges within the WordPress application. The attack vector is network-based, does not require user interaction, or special environmental conditions.
An attacker can perform privilege escalation, potentially obtaining WordPress administrator privileges, leading to complete takeover of the website, including data theft, content modification, or malicious software installation.
The Quentn WP plugin must be immediately updated to a version higher than 1.2.8. Details regarding the patch are available in the manufacturer's references and in the Patchstack database. If an update is not yet available, consider temporarily disabling the plugin.
Quentn WP plugin (quentn-wp) by Quentn.com GmbH in all versions from n/a to 1.2.8 inclusive, installed on WordPress websites.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H