CVE•Published 2025-08-23•Modified 2026-04-08•1 article on news•6 live references•NVD data
CVE-2025-5060
Vulnerability data via NVD (ingested)
CVSS v3.1
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS percentile
—
Weaknesses (CWE)
Description
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebook_ajax_login_callback(). This makes it possible for unauthenticated attackers to log in as administrative users, as long as they have an existing account on the site, and access to the administrative user's email.
Timeline
Published 2025-08-23
Modified 2026-04-08
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
More intel sources (5)
Shodan report
vuln:CVE-2025-5060Country / ASN / product breakdown for the vuln query.
Censys
vulnerabilities.cve_id: CVE-2025-5060Censys host search filtered to this CVE id.
grep.app
CVE-2025-5060Public source-code mentions — fast PoC discovery.
GitHub code
CVE-2025-5060GitHub code search for direct mentions.
Google dork
"CVE-2025-5060" exploit -site:nvd.nist.govWrite-ups and news, NVD excluded.
Known PoCs on GitHub (8)
CVE-2025-50608 repos
stamparm/maltrailPython
Malicious traffic detection system
HeyMrSalt/iPAS-Specialist-Notesunknown
iPAS 資安工程師 中級證照筆記 範圍著重【防護實務】並以【歷屆難題與解析】與【資安重要專有名詞】方式呈現。Ver.20250808
ChiefGyk3D/FrankenLLMShell
Stitched-together GPUs, but it lives! Run different LLM models optimally across multiple NVIDIA GPUs
MrSmiiith/hg6145f1-full-accessPython
FiberHome HG6145F1 — 14 CVE-class vulnerabilities, automated root shell, full security research. By Smothy / Numb Team
oslook/n8n-workflowsunknown
4200 + Workflow Automation Templates are Grouped by Categories/Services for easy navigation
HACKFORLAB/HACKFORLAB_NBAD_PCAP_AnalyzerPython
alanshlam/HoneyNetPython
Project: HoneyNet and DFIR
MayanSuthar/RekoLua
Stop juggling 8 tools. Reko is one Nmap NSE script that scans 29 services, ranks every finding by severity, and outputs exact exploit commands built for CTFs and OSCP labs.