Skip to main content

NewClarity DMCA Protection Badge CVE-2025-62145

MEDIUM
Missing Authorization (CWE-862)
2025-12-31 audit@patchstack.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
5.3 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 15:15 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in NewClarity DMCA Protection Badge dmca-badge allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DMCA Protection Badge: from n/a through <= 2.2.0.

AnalysisAI

Missing authorization controls in NewClarity DMCA Protection Badge WordPress plugin versions up to 2.2.0 allow unauthenticated attackers to exploit incorrectly configured access control security levels, potentially exposing sensitive functionality or data protected by the badge mechanism. The vulnerability stems from insufficient permission validation (CWE-862) and presents an authentication bypass risk, though real-world exploitation likelihood is low based on EPSS scoring (0.04%, 13th percentile).

Technical ContextAI

NewClarity DMCA Protection Badge is a WordPress plugin that implements access control mechanisms to protect content. The vulnerability root cause is CWE-862 (Missing Authorization), indicating the plugin fails to properly validate user permissions before granting access to protected resources or administrative functions. The access control configuration does not correctly enforce security levels, allowing bypassing of intended authorization checks. This is a common pattern in WordPress plugins where capability checks (such as 'manage_options' or custom roles) are either missing or improperly implemented in key functions that should restrict access to authenticated administrators or privileged users.

Affected ProductsAI

NewClarity DMCA Protection Badge for WordPress is affected in all versions from initial release through version 2.2.0. The plugin is identified via CPE corresponding to the WordPress plugin ecosystem. The vulnerability affects the plugin installation regardless of WordPress core version, as long as the DMCA Protection Badge plugin version is 2.2.0 or earlier. Organizations running this plugin should consult the vendor advisory at https://patchstack.com/database/Wordpress/Plugin/dmca-badge/vulnerability/wordpress-dmca-protection-badge-plugin-2-2-0-broken-access-control-vulnerability for confirmation of their installed version.

RemediationAI

Upgrade NewClarity DMCA Protection Badge to a version later than 2.2.0 as soon as patched releases become available. Review the plugin's access control configuration settings to ensure security levels are correctly mapped to user roles and capabilities. Restrict direct access to the plugin's administrative pages via web application firewall rules if feasible. Consult the vendor advisory at https://patchstack.com/database/Wordpress/Plugin/dmca-badge/vulnerability/wordpress-dmca-protection-badge-plugin-2-2-0-broken-access-control-vulnerability for patch availability and release timelines. Until patched versions are released, consider temporarily disabling the plugin if the protected content is not critical, or implementing additional WordPress security measures such as user role restrictions and activity logging.

Share

CVE-2025-62145 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy