Skip to main content

Wiremo Wiremo CVE-2025-62092

MEDIUM
Missing Authorization (CWE-862)
2025-12-31 audit@patchstack.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
5.3 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 16:15 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in Wiremo Wiremo woo-reviews-by-wiremo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wiremo: from n/a through <= 1.4.99.

AnalysisAI

Missing authorization controls in the Wiremo woo-reviews-by-wiremo WordPress plugin through version 1.4.99 allow attackers to bypass access restrictions and exploit incorrectly configured security levels, potentially enabling unauthorized data access or modification of review functionality. The vulnerability stems from broken access control (CWE-862) and carries an EPSS score of 0.04% (13th percentile), indicating low real-world exploitation probability despite the authentication bypass tag.

Technical ContextAI

The Wiremo woo-reviews-by-wiremo plugin, a WordPress extension for managing WooCommerce product reviews, implements access control mechanisms that fail to properly validate user permissions before allowing sensitive operations. CWE-862 (Missing Authorization) indicates the plugin performs actions or grants access based on user-controlled input without verifying that the user has the necessary privileges. This type of flaw typically manifests in WordPress plugins when custom post type handlers, AJAX endpoints, or admin functionality do not check user roles (subscriber, contributor, author, editor, administrator) or nonce values before executing privileged actions. The vulnerability affects all versions up to and including 1.4.99.

Affected ProductsAI

The Wiremo woo-reviews-by-wiremo WordPress plugin is affected in all versions from an unspecified baseline through version 1.4.99. This is a WordPress plugin distributed through the official plugin repository (identified via woo-reviews-by-wiremo slug) that integrates with WooCommerce. Administrators running any instance of this plugin at or below version 1.4.99 should assume the system is vulnerable.

RemediationAI

Update the Wiremo woo-reviews-by-wiremo plugin to a version newer than 1.4.99. Administrators should navigate to the WordPress dashboard, access the Plugins menu, locate woo-reviews-by-wiremo in the installed plugins list, and click Update if available. If an update beyond 1.4.99 has been released by the vendor, install it immediately. As an interim measure, administrators should restrict access to the vulnerable plugin functionality by limiting user roles that can interact with reviews or review-related settings, and consider disabling the plugin entirely if it is not actively used. Consult the Patchstack vulnerability database entry (https://patchstack.com/database/Wordpress/Plugin/woo-reviews-by-wiremo/vulnerability/wordpress-wiremo-plugin-1-4-99-broken-access-control-vulnerability?_s_id=cve) for vendor-specific patching guidance and confirmation of available fix versions.

Share

CVE-2025-62092 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy