CVE-2025-62132
Description
Missing Authorization vulnerability in Strategy11 Team Tasty Recipes Lite tasty-recipes-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tasty Recipes Lite: from n/a through <= 1.1.5.
Analysis
Missing authorization controls in Strategy11 Team Tasty Recipes Lite WordPress plugin through version 1.1.5 allow unauthenticated attackers to bypass access control restrictions and exploit incorrectly configured security levels. The vulnerability stems from insufficient validation of user permissions before executing sensitive operations, enabling unauthorized access to protected functionality. No public exploit code or active exploitation has been identified at the time of analysis.
Technical Context
This vulnerability falls under CWE-862 (Missing Authorization), a server-side access control flaw affecting WordPress plugin architecture. The Tasty Recipes Lite plugin fails to properly validate user capabilities before executing privileged operations, likely in REST API endpoints or AJAX handlers commonly used by WordPress plugins. The vulnerability affects the plugin through all versions up to and including 1.1.5, indicating the authorization checks were either missing entirely or inadequately implemented in the plugin's codebase. WordPress plugins normally enforce authorization with capability checks via current_user_can(), paired with wp_verify_nonce() to confirm that a request was intentionally issued; a nonce by itself is not an authorization check. This plugin appears to have omitted or misconfigured these standard security controls.
Affected Products
The Strategy11 Team Tasty Recipes Lite WordPress plugin is affected in all versions from the earliest release through version 1.1.5. The plugin is distributed via the WordPress.org plugin repository and identified by the slug 'tasty-recipes-lite'. Affected installations include any site running Tasty Recipes Lite at or below version 1.1.5, regardless of WordPress version, though WordPress security updates should be current to minimize compound risks.
Remediation
Update Strategy11 Team Tasty Recipes Lite to a version released after 1.1.5 that addresses the missing authorization controls. Site operators should navigate to WordPress Dashboard > Plugins > Installed Plugins, locate Tasty Recipes Lite, and apply the available update. Consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/tasty-recipes-lite/vulnerability/wordpress-tasty-recipes-lite-plugin-1-1-5-broken-access-control-vulnerability?_s_id=cve for detailed patch version information and deployment guidance. Until patched, limit plugin access via user role restrictions within WordPress and monitor access logs for unauthorized activity targeting the plugin's endpoints.
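To find installations that still fall in the affected range, the following added example (not code from the plugin or from this advisory's source) reads the plugin's Version header from disk and compares it with 1.1.5. It assumes the default wp-content/plugins layout; the main file name and the version strings in the sample tree are constructed for illustration.

```python
import re, tempfile
from pathlib import Path

SLUG = "tasty-recipes-lite"   # plugin slug given in the advisory
LAST_AFFECTED = "1.1.5"       # advisory: affected through <= 1.1.5

def parse_version(text):
    """'1.1.5' -> (1, 1, 5); anything after a '-' suffix is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text.split("-")[0]))

def installed_version(plugin_dir):
    """Read the Version header from the plugin's top-level PHP file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_text(errors="replace")[:8192]
        if re.search(r"^[ \t/*#@]*Plugin Name:", head, re.M | re.I):
            m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", head, re.M | re.I)
            return m.group(1) if m else None
    return None

def audit(wp_root):
    """Return (status, version) for the plugin under a WordPress root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    version = installed_version(plugin_dir)
    if version is None or not parse_version(version):
        return ("unknown-version", version)
    affected = parse_version(version) <= parse_version(LAST_AFFECTED)
    return ("affected" if affected else "above-affected-range", version)

def make_sample_site(root, version):
    """Constructed sample tree; the main file name here is an assumption."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Tasty Recipes Lite\n * Version: {version}\n */\n"
    (plugin_dir / "tasty-recipes-lite.php").write_text(header)
    return root

if __name__ == "__main__":
    # Constructed version strings; 2.0.0 is not a statement of the fixed release.
    for v in ("1.0.0", "1.1.5", "2.0.0"):
        with tempfile.TemporaryDirectory() as tmp:
            print(v, audit(make_sample_site(tmp, v)))
```

A result of above-affected-range only means the version number is higher than 1.1.5; confirm the fixed release against the Patchstack advisory.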