CYBERHAWK / CVE / CVE-2019-25738

CVE-2019-25738

WordPress Hybrid Composer

CRITICAL CVSS 9.8 vibe

The flaw

Unauthenticated settings change allows account takeover via user registration.

What to do

Update to Hybrid Composer version newer than 1.4.6

▸ Scan my repo for CVE-2019-25738

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-06-05 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits