Skip to main content
CVE-2025-68995 MEDIUM This Month

Missing authorization in Premio My Sticky Elements plugin (version 2.3.3 and earlier) allows authenticated users to modify data they should not have access to due to incorrectly configured access control security levels. The vulnerability requires an authenticated attacker with low privileges and carries a CVSS score of 4.3 with low real-world exploitation probability (EPSS 0.04%). No public exploit code or active exploitation has been identified.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-69013 MEDIUM This Month

Missing Authorization vulnerability in jetmonsters Stratum stratum allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stratum: from n/a through <= 1.6.1.

Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-62112 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the Easy Property Listings XML/CSV Import plugin for WordPress (versions <= 2.2.1) allows attackers to perform unauthorized actions on behalf of authenticated administrators without their knowledge or consent. The vulnerability affects the import functionality and carries minimal real-world exploitation risk based on EPSS scoring (0.02%, 5th percentile), indicating low likelihood of automated exploitation despite the CSRF vector requiring no special privileges or authentication from the attacker's perspective.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy