CVE-2025-62141

2025-12-31

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 31, 2025 - 15:15 (nvd)

Description (NVD)

Missing Authorization vulnerability in Information Technology Wawp automation-web-platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wawp: from n/a through <= 4.4.

Analysis (AI)

Missing authorization in Wawp automation-web-platform through version 4.4 allows unauthenticated or low-privileged attackers to exploit incorrectly configured access control security levels, potentially bypassing intended access restrictions. The vulnerability is tracked as CWE-862 (Missing Authorization) and has an EPSS score of 0.04% (13th percentile), indicating very low real-world exploitation probability despite the access control nature of the flaw.

Technical Context (AI)

Wawp (automation-web-platform) is a WordPress plugin that manages workflow automation and access control configurations. The vulnerability stems from improper implementation of authorization checks (CWE-862), where the application fails to verify whether a user has the required permissions before allowing access to sensitive operations or resources. This differs from authentication bypass in that the user may be known to the system, but the authorization layer, which determines what authenticated or unauthenticated users can do, is misconfigured or absent. The root cause involves incorrectly configured access control security levels, suggesting the plugin either defaults to overly permissive settings, lacks proper role-based access control (RBAC) enforcement, or exposes privileged functions without adequate permission checks.

Affected Products (AI)

Information Technology Wawp automation-web-platform is affected from an unspecified baseline through version 4.4. The plugin is distributed as a WordPress plugin (CPE data is not provided, but the references point to the patchstack.com WordPress plugin database). The vulnerability affects all installations of the Wawp plugin on version 4.4 and earlier. Vendor advisory and additional details are available via the Patchstack vulnerability database link: https://patchstack.com/database/Wordpress/Plugin/automation-web-platform/vulnerability/wordpress-wawp-plugin-4-0-5-broken-access-control-vulnerability?_s_id=cve

Remediation (AI)

Update the Wawp automation-web-platform plugin to a patched version above 4.4. The exact fixed version number is not explicitly stated in the provided data, but the advisory indicates patches are available. Administrators should visit the Patchstack database link and the official WordPress plugin repository to download the latest version. If an immediate patch is unavailable, review and manually verify access control configurations within the Wawp plugin settings to ensure that sensitive automation workflows and administrative functions are properly restricted to intended user roles. Disable the plugin temporarily if it is not critical to operations pending patch deployment.
