CVE-2025-10746
Integrate Dynamics 365 CRM <= 1.0.9 - Missing Authorization
| CVSS Score | 6.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks and nonce verification on functions hooked to 'init'. This makes it possible for unauthenticated attackers to deactivate the plugin, tamper with OAuth configuration, and trigger test connections that expose sensitive data via direct requests to vulnerable endpoints, provided they can craft malicious requests with specific parameters.
| CWE | CWE-306 |
| Vendor | cyberlord92 |
| Product | integrate dynamics 365 crm |
| Published | Oct 4, 2025 |
| Last Updated | Apr 8, 2026 |
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | Low |
| Availability | None |
Affected Versions
cyberlord92 / Integrate Dynamics 365 CRM
0 ≤ 1.0.9
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/b7fb23e8-dabb-4d6e-a2b2-2b27d6a38b3c?source=cve
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/integrate-dynamics-365-crm/tags/1.0.9/Observer/adminObserver.php#L26
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/integrate-dynamics-365-crm/tags/1.0.9/integrate-dynamics-365-crm.php#L48
plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/integrate-dynamics-365-crm/trunk/Observer/class-adminobserver.php?rev=3370266#L71
Credits
Jonas Benjamin Friedli