CVE-2025-48166

2025-07-16

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:43 (vuln.today)
CVE Published: Jul 16, 2025 - 11:15 (nvd)

Description (NVD)

Missing Authorization vulnerability in sminozzi Stop and Block bots plugin Anti bots antibots allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Stop and Block bots plugin Anti bots: from n/a through <= 1.48.

Analysis (AI)

Missing authorization controls in the Stop and Block Bots plugin (Anti bots) for WordPress through version 1.48 allow attackers to access functionality that should be restricted by access control lists, enabling unauthorized administrative operations without proper authentication. The vulnerability is classified as broken access control (CWE-862) with low exploitation probability (EPSS 0.06%) and no confirmed active exploitation.

Technical Context (AI)

The Stop and Block Bots WordPress plugin fails to implement proper authorization checks (access control lists/ACLs) on sensitive functionality, a violation of the CWE-862 class (Missing Authorization). This means the plugin likely exposes administrative or privileged functions without verifying user roles or capabilities before allowing access. WordPress plugins typically rely on capability checks using functions like current_user_can() to enforce access control; this vulnerability indicates such checks are either absent or improperly implemented on certain endpoints or admin functions. The vulnerability affects the plugin codebase distributed through the WordPress plugin repository, which runs in the context of WordPress's permission model.

Affected Products (AI)

The Stop and Block Bots plugin (Anti bots) by sminozzi for WordPress is affected in version 1.48 and all prior versions. The plugin is distributed through the official WordPress plugin repository and identified by the slug 'antibots'. No specific CPE string is provided in the source data, but the plugin can be identified via WordPress plugin management interfaces and the vendor advisory at Patchstack.
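One way to check an installation against the affected range stated above, as an added example that is not part of the original page or the plugin's own code. It assumes the default `wp-content/plugins/antibots/` layout and uses a constructed sample header; `outside-affected-range` only means the version is above 1.48, not that a fix has been confirmed.

```python
import re
import sys
from pathlib import Path

SLUG = "antibots"          # plugin slug given on this page
LAST_AFFECTED = (1, 48)    # affected range on this page: through <= 1.48
FIELD = r"^[ \t/*#@]*%s:[ \t]*(.*)$"   # header-line shape, modelled on WordPress's header parser

# Constructed sample header for the demo run; not copied from the real plugin.
SAMPLE = "<?php\n/*\nPlugin Name: Example Anti Bots\nVersion: 1.48\n*/\n"

def header_field(text, name):
    """Return the value of one plugin header field, or None if it is missing."""
    m = re.search(FIELD % re.escape(name), text, re.M | re.I)
    return m.group(1).strip() if m else None

def version_key(version):
    """'1.48.0' -> (1, 48); numeric components only, trailing zeros dropped."""
    parts = [int(n) for n in re.findall(r"\d+", version or "")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(header_text):
    """Classify one plugin main-file header against the affected range."""
    key = version_key(header_field(header_text, "Version"))
    if not key:
        return "unknown"              # no usable Version header: review by hand
    return "affected" if key <= LAST_AFFECTED else "outside-affected-range"

def check(wp_root):
    """Assumes the default layout <wp_root>/wp-content/plugins/<slug>/."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    for php in sorted(plugin_dir.glob("*.php")):      # main file is a top-level .php
        head = php.read_bytes()[:8192].decode("utf-8", "replace")  # headers sit in the first 8 KB
        if header_field(head, "Plugin Name") is not None:
            return classify(head)
    return "absent"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for root in sys.argv[1:]:
            print(f"{root}: {SLUG} {check(root)}")
    else:
        print("sample header:", classify(SAMPLE))
```

Pass one or more WordPress root directories as arguments; with no arguments it classifies the constructed sample header.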

Remediation (AI)

Update the Stop and Block Bots plugin to a version newer than 1.48 as soon as it is released by the vendor. Users should navigate to the WordPress admin dashboard, access Plugins > Installed Plugins, locate 'Stop and Block Bots (Anti bots)', and click Update if available. If no patched version is immediately available, temporarily disable the plugin to prevent unauthorized access to its functionality, or restrict access to the WordPress admin dashboard via firewall rules or IP whitelisting. Check the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/antibots/vulnerability/wordpress-stop-and-block-bots-plugin-anti-bots-1-48-broken-access-control-vulnerability for patch availability and timeline.
