CVE-2025-62129

2025-12-31

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 31, 2025 - 16:15 (nvd)

Description

Missing Authorization vulnerability in Magnigenie RestroPress restropress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RestroPress: from n/a through <= 3.2.7.

Analysis

Missing authorization controls in the RestroPress WordPress plugin, versions through 3.2.7, allow unauthenticated attackers to bypass access restrictions and reach functionality that is meant to be limited to specific access levels. The vulnerability stems from improper validation of user permissions, which lets attackers exploit incorrectly configured access control mechanisms. No public exploit code or active exploitation has been confirmed, and the low EPSS score (0.04%) suggests minimal real-world exploitation likelihood despite the authorization bypass nature.

Technical Context

RestroPress is a WordPress restaurant management plugin that implements access control logic to restrict certain administrative or user-specific functionality based on user roles and permissions. CWE-862 (Missing Authorization) indicates the plugin fails to properly verify that a user has permission to perform requested actions before granting access. This commonly occurs when authorization checks are omitted from sensitive endpoints, when access control logic is bypassable through parameter manipulation, or when privilege levels are not properly enforced. The vulnerability affects the plugin's core access control mechanisms rather than a specific library or protocol.

Affected Products

The affected product is the Magnigenie RestroPress WordPress plugin, in versions from an unspecified baseline through version 3.2.7. The vulnerability is tracked in the Patchstack database for the RestroPress plugin (CPE data not provided in available references). The advisory reference indicates version 3.2.4 was identified in vulnerability research, with the published range extending through 3.2.7.

Remediation

Update RestroPress to a patched version newer than 3.2.7 immediately. Consult the Patchstack vulnerability database (https://patchstack.com/database/Wordpress/Plugin/restropress/vulnerability/wordpress-restropress-plugin-3-2-4-2-broken-access-control-vulnerability?_s_id=cve) for the specific fixed version number and installation instructions. As an interim measure, restrict access to the RestroPress plugin through web server rules or WordPress user role configuration if an immediate update is not feasible, though this does not address the underlying authorization bypass.

Priority Score

Score: 0 (scale: Low, Medium, High, Critical)
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0
