Skip to main content

CVE-2025-14358

HIGH
Missing Authorization (CWE-862)
2026-01-08 audit@patchstack.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Re-analysis Queued
Apr 23, 2026 - 15:43 vuln.today
cvss_changed
Severity Changed
Apr 23, 2026 - 15:43 NVD
CRITICAL HIGH
CVSS changed
Apr 23, 2026 - 15:43 NVD
9.8 (CRITICAL) 7.5 (HIGH)
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 08, 2026 - 10:15 nvd
CRITICAL 9.8

DescriptionCVE.org

Missing Authorization vulnerability in sizam REHub Framework rehub-framework allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects REHub Framework: from n/a through <= 19.9.5.

AnalysisAI

REHub Framework for WordPress (through 19.9.5) has missing authorization allowing unauthenticated access to restricted functionality with full CIA impact.

Technical ContextAI

The plugin does not check user capabilities before allowing access to sensitive functionality (CWE-862).

Affected ProductsAI

REHub Framework through 19.9.5

RemediationAI

Update REHub Framework to the latest version.

Share

CVE-2025-14358 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy