CVE-2025-49884

2025-07-16

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:43 (vuln.today)
CVE Published: Jul 16, 2025 - 12:15 (nvd)

Description (NVD)

Missing Authorization vulnerability in alexvtn Internal Linking of Related Contents internal-linking-of-related-contents allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Linking of Related Contents: from n/a through <= 1.1.8.

Analysis (AI)

Missing authorization controls in the Internal Linking of Related Contents WordPress plugin (versions up to 1.1.8) allow attackers to exploit incorrectly configured access control security levels, potentially enabling unauthorized access to plugin functionality. The flaw is classified as Missing Authorization (CWE-862). Its EPSS score is low at 0.07%, suggesting limited real-world exploitation probability at time of analysis.

Technical Context (AI)

The Internal Linking of Related Contents WordPress plugin fails to properly enforce access control mechanisms, classified under CWE-862 (Missing Authorization). This type of vulnerability occurs when the application does not perform adequate authorization checks before carrying out sensitive operations, which lets attackers bypass intended security restrictions. The vulnerability affects the plugin's core functionality of linking related content within WordPress sites. The low EPSS percentile (22nd percentile) indicates that while the authorization control is deficient, exploitation may require specific environmental conditions or user interaction patterns to be practical.

Affected Products (AI)

The Internal Linking of Related Contents WordPress plugin is affected in all versions from the initial release through version 1.1.8. This plugin is distributed via the official WordPress plugin repository and affects any WordPress installation with this plugin installed and activated. The specific CPE for this plugin would be cpe:2.3:a:alexvtn:internal-linking-of-related-contents:*:*:*:*:*:wordpress:*:* with version constraint <=1.1.8. Additional details and the vendor advisory are available at https://patchstack.com/database/Wordpress/Plugin/internal-linking-of-related-contents/vulnerability/wordpress-internal-linking-of-related-contents-1-1-8-broken-access-control-vulnerability.

Remediation (AI)

WordPress administrators should update the Internal Linking of Related Contents plugin to a patched version released after 1.1.8. Consult the official WordPress plugin repository or contact the plugin maintainer (alexvtn) directly for the latest available version addressing this authorization vulnerability. If an immediate update is unavailable, consider disabling the plugin until a patch is released. Site administrators should review their WordPress user roles and capabilities to minimize the impact of any potential unauthorized access during the interim period. The Patchstack advisory at the provided reference URL may contain additional remediation guidance.
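An added example (not from the advisory or the plugin's own code) of checking an installation against the affected range stated above: it reads the plugin's Version header from disk and compares it with 1.1.8. The plugins directory layout and the sample header file are constructed for illustration, and the check covers files on disk only, not whether the plugin is activated.

```python
import re
import tempfile
from pathlib import Path

SLUG = "internal-linking-of-related-contents"  # plugin slug as given in the advisory
LAST_AFFECTED = (1, 1, 8)                       # "through <= 1.1.8" per the CVE record
# Header line as it appears in a plugin file comment, e.g. " * Version: 1.1.8"
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][0-9A-Za-z.\-]*)", re.M | re.I)

def parse_version(text):
    """Turn '1.1.8' into (1, 1, 8); trailing zeros are dropped so 1.2.0 == 1.2."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def installed_version(plugin_dir):
    """Return the Version header from the file carrying 'Plugin Name:', else None."""
    for php in sorted(plugin_dir.glob("*.php")):
        # WordPress reads plugin headers from the first 8 KB of the file.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if re.search(r"Plugin Name:", head, re.I):
            match = HEADER_RE.search(head)
            return match.group(1) if match else None
    return None

def assess(plugins_dir):
    """Classify a wp-content/plugins directory against the advisory's range."""
    plugin_dir = Path(plugins_dir) / SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown-version"  # plugin folder present but no readable header
    # The page names no fixed release, so anything above 1.1.8 is only
    # reported as outside the published range, not as confirmed patched.
    return "affected" if parse_version(version) <= LAST_AFFECTED else "outside-range"

if __name__ == "__main__":
    # Constructed sample tree; on a real host pass the site's wp-content/plugins path.
    root = Path(tempfile.mkdtemp())
    sample = root / SLUG
    sample.mkdir()
    header = "<?php\n/*\n * Plugin Name: Sample (constructed)\n * Version: 1.1.8\n */\n"
    (sample / "plugin.php").write_text(header, encoding="utf-8")
    print(SLUG, "->", assess(root))
```

A result of `affected` or `unknown-version` is the cue to apply the update-or-disable guidance above.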
