CVE-2025-25167
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2025-25167 is a Missing Authorization vulnerability affecting the BookPress – For Book Authors plugin. The issue stems from incorrectly configured access control security levels and can be exploited by unauthorized users, who can gain access to certain functionalities of the plugin. Versions 1.2.7 and below are affected. This vulnerability could potentially lead to serious consequences, such as unintended modifications, data theft, or even system compromise. To mitigate this risk, affected users are urged to update their plugin to the latest available version and implement robust access control measures.