Skip to main content

CVE-2025-62130

MEDIUM
Missing Authorization (CWE-862)
2025-12-31 audit@patchstack.com
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
4.3 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 16:15 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in wpdiscover Accordion Slider Gallery accordion-slider-gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider Gallery: from n/a through <= 2.7.

AnalysisAI

Missing authorization controls in WordPress Accordion Slider Gallery plugin version 2.7 and earlier allow unauthenticated or low-privileged users to bypass access restrictions and exploit misconfigured security levels. The vulnerability stems from improper access control validation (CWE-862) that fails to enforce authentication checks on sensitive plugin functions, potentially enabling unauthorized users to access restricted functionality or administrative features.

Technical ContextAI

The Accordion Slider Gallery plugin for WordPress contains a broken access control vulnerability classified under CWE-862 (Missing Authorization), which represents a failure to properly enforce that a user cannot perform an action or access a resource that they should not be permitted to. This class of vulnerability typically occurs when WordPress plugins lack proper nonce verification, capability checks (wp_verify_nonce, current_user_can), or role-based access control before executing sensitive operations. The plugin likely exposes AJAX endpoints, REST API routes, or admin functions without adequate authentication or authorization middleware, allowing attackers to manipulate requests and access protected functionality regardless of their user role or authentication status.

Affected ProductsAI

WordPress Accordion Slider Gallery plugin version 2.7 and all prior versions are affected. The plugin is distributed through the official WordPress.org plugin repository and identified by CPE component wp:accordion-slider-gallery. Users running any release through version 2.7 should be considered vulnerable, with no version range exclusions noted in available advisory data.

RemediationAI

Update WordPress Accordion Slider Gallery to a version newer than 2.7 as soon as a patched release is available. Check the official plugin page on WordPress.org and the Patchstack vulnerability database (https://patchstack.com/database/Wordpress/Plugin/accordion-slider-gallery/) for the specific patched version number. Until a patch is confirmed released, consider disabling the plugin or restricting its usage to trusted administrators only. Verify that no sensitive data has been accessed via the plugin's broken access controls after the vulnerability disclosure date. Implement Web Application Firewall rules to monitor and block suspicious requests to accordion-slider-gallery AJAX endpoints if available.

Share

CVE-2025-62130 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy