CVE-2025-6720

MEDIUM 5.3

Vchasno Kasa <= 1.0.3 - Unauthenticated Log File Clearing

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_all_log() function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to clear log files.

CWE	CWE-862
Vendor	bandido
Product	morkva vchasno kasa integration
Published	Jul 19, 2025
Last Updated	Apr 8, 2026

Stay Ahead of the Next One

Get instant alerts for bandido morkva vchasno kasa integration

Be the first to know when new medium vulnerabilities affecting bandido morkva vchasno kasa integration are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

bandido / MORKVA Vchasno Kasa Integration

0 ≤ 1.0.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/cd03483a-f46c-4e17-8b58-df87b0ad7fa3?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/mrkv-vchasno-kasa/trunk/classes/mrkv-setup.php#L245 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3328827%40mrkv-vchasno-kasa&new=3328827%40mrkv-vchasno-kasa&sfp_email=&sfph_mail=

Credits

Phong Nguyen