CVE-2025-22302

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 862

Summary

CVE-2025-22302 identifies a missing authorization vulnerability in WP Wand, a WordPress plugin. This issue arises due to WP Wand failing to enforce proper access control security levels, potentially allowing unauthorized access. The vulnerability affects WP Wand versions from n/a through 1.2.5. Successful exploitation could result in severe consequences such as data theft or unintended modifications. It is crucial for WP Wand users to update their plugins as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share