CVE-2025-62147

2025-12-31

Lifecycle Timeline (2 events)

CVE Published: Dec 31, 2025 - 15:15 (nvd)
Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)

Description

Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Realbig: from n/a through <= 1.1.3.

Analysis

Missing authorization controls in the nikmelnik Realbig media WordPress plugin, versions up to and including 1.1.3, allow an attacker to reach content or functionality that the plugin is meant to restrict. The vuln.today analysis characterises the attacker as unauthenticated; the CVE text itself does not state what privilege level, if any, is required. The issue is classified as broken access control (CWE-862). Exploitation probability is low (EPSS 0.04%) and no public exploit code had been identified at the time of analysis.

Technical Context

The vulnerability stems from inadequate authorization checks in the Realbig media plugin and is classified as CWE-862 (Missing Authorization). The plugin presumably restricts certain media assets or features to specific roles or to authenticated users, but the authorization logic either fails to validate the caller's capabilities or is absent from a critical code path; the published advisory does not say which. The underlying issue is classic broken access control: the application does not verify that the requesting user is permitted to access a resource or perform an action before serving it. In WordPress plugins this typically shows up as an admin-ajax.php action registered without a current_user_can() capability check (or registered on the wp_ajax_nopriv_ hook, which makes it reachable without login), a REST route whose permission_callback returns true unconditionally, or an admin page handler that treats a nonce as if it were an authorization check.
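The following is an added illustration of that pattern, not code from the Realbig plugin (whose source this page does not show) and not part of the original advisory. It uses a hypothetical "demo gallery" plugin: the hook names, the demo-gallery/v1 REST namespace, the demo_gallery_settings option and the manage_options capability are all assumed for the example. The first half is the CWE-862 shape, the second half the same handlers with proper checks.

```php
<?php
/**
 * Illustrative only: a hypothetical "demo gallery" plugin showing the CWE-862
 * pattern behind this class of WordPress advisory. This is NOT the Realbig
 * plugin's code; hook names, capability and option key are assumptions.
 */

// --- Vulnerable pattern -----------------------------------------------------
// Registering on wp_ajax_nopriv_ makes the action callable without logging in;
// even wp_ajax_ alone is reachable by any logged-in role, including Subscriber.
// No capability is checked anywhere, so anyone can rewrite the plugin settings.
add_action( 'wp_ajax_demo_gallery_save',        'demo_gallery_save_vulnerable' );
add_action( 'wp_ajax_nopriv_demo_gallery_save', 'demo_gallery_save_vulnerable' );

function demo_gallery_save_vulnerable() {
    // Admin-controlled setting written straight from untrusted POST data.
    update_option( 'demo_gallery_settings', wp_unslash( $_POST['settings'] ?? '' ) );
    wp_send_json_success();
}

// Same flaw on the REST side: a permission_callback that always allows.
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo-gallery/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'demo_gallery_rest_save',
        'permission_callback' => '__return_true', // anyone may call this route
    ) );
} );

// --- Hardened pattern -------------------------------------------------------
// Authenticated hook only, a CSRF nonce, and an explicit capability check.
add_action( 'wp_ajax_demo_gallery_save_v2', 'demo_gallery_save_hardened' );

function demo_gallery_save_hardened() {
    // CSRF protection: rejects requests lacking a nonce minted for this action.
    // A nonce proves the request came from a page WordPress served to this user;
    // it is NOT an authorization check on its own.
    check_ajax_referer( 'demo_gallery_save', 'nonce' );

    // Authorization: the action changes plugin settings, so require manage_options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    $settings = sanitize_text_field( wp_unslash( $_POST['settings'] ?? '' ) );
    update_option( 'demo_gallery_settings', $settings );
    wp_send_json_success();
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'demo-gallery/v1', '/settings-v2', array(
        'methods'             => 'POST',
        'callback'            => 'demo_gallery_rest_save',
        // Authorization lives here; WordPress evaluates it before the callback.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

function demo_gallery_rest_save( WP_REST_Request $request ) {
    $settings = sanitize_text_field( (string) $request->get_param( 'settings' ) );
    update_option( 'demo_gallery_settings', $settings );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

When auditing a plugin for this weakness, grep for wp_ajax_nopriv_, for wp_ajax_ handlers that never call current_user_can() (or a role-based equivalent such as is_user_logged_in() where a login is genuinely sufficient), and for register_rest_route() calls whose permission_callback is __return_true or missing. A handler that calls check_ajax_referer() but no capability function is still missing authorization: any logged-in user can obtain a valid nonce from a page that renders it.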

Affected Products

nikmelnik Realbig media WordPress plugin versions from an unspecified baseline through version 1.1.3 inclusive are affected; the CVE record gives no lower bound. The vulnerable component is the plugin's access control implementation. The plugin is available from the WordPress plugin repository under the slug realbig-media and is tracked in the Patchstack vulnerability database at the URL given under Remediation.

Remediation

WordPress administrators should upgrade the nikmelnik Realbig media plugin to a release newer than 1.1.3 as soon as one is available. Until a patched version is released, deactivate the plugin: WordPress does not load a deactivated plugin, so the hooks, AJAX actions and REST routes it registers are no longer reachable. Detailed remediation guidance is in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/realbig-media/vulnerability/wordpress-realbig-plugin-1-1-3-broken-access-control-vulnerability. Before and after patching, review web server access logs for requests to wp-admin/admin-ajax.php and /wp-json/ that reference the plugin, particularly POST requests from unexpected sources, to determine whether the flaw was exploited. A missing-authorization request succeeds and so looks like ordinary traffic in the log (a 200, not an error), so the review has to be driven by which endpoints the plugin exposes rather than by status codes.
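As an added example (not part of this advisory and not code from the Realbig project), the interim "deactivate until fixed" step can be enforced with a must-use plugin so that the vulnerable version cannot be quietly re-enabled before a fixed release is installed. It assumes only that the plugin lives under the realbig-media directory slug seen in the Patchstack URL; the plugin's main file name is not known from the page and is deliberately not assumed, which is why the match is on the directory prefix.

```php
<?php
/**
 * Plugin Name: Realbig Media version guard
 * Description: Added example, not part of the Realbig plugin. Drop into
 *              wp-content/mu-plugins/. Deactivates any plugin installed under
 *              the realbig-media/ directory whose version is <= 1.1.3 and
 *              shows an admin notice so the deactivation is visible.
 */

define( 'RB_GUARD_SLUG',     'realbig-media' ); // directory slug from the Patchstack URL
define( 'RB_GUARD_MAX_VULN', '1.1.3' );         // highest affected version per the CVE

/**
 * Return [ plugin_file => version ] for installed copies that are affected.
 * An empty or missing Version header is treated as affected: a copy whose
 * version cannot be read cannot be shown to be patched.
 */
function rb_guard_find_vulnerable() {
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $hits = array();
    foreach ( get_plugins() as $file => $data ) {
        // Match the directory prefix, not a guessed main-file name.
        if ( strpos( $file, RB_GUARD_SLUG . '/' ) !== 0 ) {
            continue;
        }
        $version = isset( $data['Version'] ) ? (string) $data['Version'] : '';
        if ( $version === '' || version_compare( $version, RB_GUARD_MAX_VULN, '<=' ) ) {
            $hits[ $file ] = $version === '' ? '(unknown)' : $version;
        }
    }
    return $hits;
}

// admin_init runs on every admin request, after wp-admin/includes/plugin.php
// is loaded, so is_plugin_active() and deactivate_plugins() are available.
add_action( 'admin_init', function () {
    $hits = rb_guard_find_vulnerable();
    if ( empty( $hits ) ) {
        return;
    }
    foreach ( $hits as $file => $version ) {
        if ( is_plugin_active( $file ) ) {
            deactivate_plugins( $file );
            error_log( sprintf( 'rb-guard: deactivated %s (version %s <= %s)',
                $file, $version, RB_GUARD_MAX_VULN ) );
        }
    }
    add_action( 'admin_notices', function () use ( $hits ) {
        foreach ( $hits as $file => $version ) {
            printf(
                '<div class="notice notice-error"><p>%s</p></div>',
                esc_html( sprintf( '%s version %s is affected by CVE-2025-62147 and has been kept deactivated; upgrade past %s, then remove the rb-guard mu-plugin.',
                    $file, $version, RB_GUARD_MAX_VULN ) )
            );
        }
    } );
} );
```

Because the guard keys on the installed version string, it stops firing on its own once a release above 1.1.3 is in place; remove the mu-plugin at that point rather than leaving a stale control behind.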

Priority Score

0 (scale: Low / Medium / High / Critical)
Score components: KEV 0, EPSS +0.0, CVSS +0, POC 0

CVE-2025-62147 vulnerability details – vuln.today