CVE-2025-62150

2025-12-31

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 31, 2025 - 16:15 (nvd)

Description

Missing Authorization vulnerability in themesawesome History Timeline timeline-awesome allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects History Timeline: from n/a through <= 1.0.6.

Analysis

The themesawesome History Timeline WordPress plugin, in versions through 1.0.6, is missing authorization checks (CWE-862), which is classified as a broken access control flaw. Because access control is not properly enforced, unauthenticated or low-privileged users can bypass security restrictions and access protected functionality. No public exploit code or active exploitation has been confirmed, and the low EPSS score (0.04%) suggests limited practical exploitation likelihood in real-world deployments.

Technical Context

The vulnerability exists in the themesawesome History Timeline WordPress plugin, which provides timeline display and management functionality. The root cause is CWE-862 (Missing Authorization): the plugin fails to properly verify user permissions before allowing access to sensitive operations or data. WordPress plugins are server-side PHP applications loaded from the wp-content/plugins directory. Broken access control flaws in them typically appear when nonces are missing, role checks are absent, or capability verification is incomplete in AJAX handlers or REST endpoints. The affected CPE context is the WordPress plugin ecosystem (cpe:2.25:a:themesawesome:history_timeline), where authorization bypass vulnerabilities can expose timeline creation, editing, deletion, or viewing capabilities to unauthorized users.

Affected Products

Affected: the themesawesome History Timeline WordPress plugin, versions up to and including 1.0.6. All installations of this plugin that have not been updated beyond version 1.0.6 are affected. See the Patchstack advisory for version distribution and deployment statistics.

Remediation

Update themesawesome History Timeline plugin to the latest available version beyond 1.0.6 immediately. Verify the exact patched version number from the Patchstack vulnerability database entry (https://patchstack.com/database/Wordpress/Plugin/timeline-awesome/vulnerability/wordpress-history-timeline-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve) or the official plugin repository. As an interim mitigation, restrict plugin access via WordPress user role management and verify that timeline functionality is only accessible to intended user roles via the WordPress admin interface.
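An inventory check to go with the remediation steps above, as an added example that is not from the advisory or the plugin's code: it reads the `Version:` plugin header under `wp-content/plugins/timeline-awesome` and flags anything at or below 1.0.6. The function names, the stub file name `plugin.php` and the sample sites are constructed for illustration, and the plugin directory name is assumed to match the slug in the Patchstack URL.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "timeline-awesome"  # slug taken from the Patchstack URL on this page
LAST_AFFECTED = "1.0.6"           # the page lists versions through 1.0.6 as affected

# Plugin metadata lives in a comment header of a top-level PHP file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def version_key(version):
    """'1.0.6' -> (1, 0, 6). Non-numeric parts count as 0, trailing zeros drop."""
    parts = [int(p) if p.isdigit() else 0 for p in re.split(r"[.\-+]", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def installed_version(plugin_dir):
    """Return the Version header found in plugin_dir, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # Only the start of the file is inspected, where the header sits.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        fields = {k.lower(): v for k, v in HEADER.findall(head)}
        if "plugin name" in fields and "version" in fields:
            return fields["version"]
    return None

def check_site(wp_root):
    """Return (status, version); status is absent, unknown, affected or newer."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "absent", None
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown", None
    affected = version_key(version) <= version_key(LAST_AFFECTED)
    return ("affected" if affected else "newer"), version

def make_sample_site(version):
    """Build a constructed WordPress tree holding a stub plugin header."""
    root = Path(tempfile.mkdtemp())
    plugin_dir = root / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    stub = f"<?php\n/*\n * Plugin Name: History Timeline\n * Version: {version}\n */\n"
    (plugin_dir / "plugin.php").write_text(stub, encoding="utf-8")
    return root

if __name__ == "__main__":
    for v in ("1.0.5", "1.0.6", "1.0.7"):
        print(v, check_site(make_sample_site(v)))
```

A "newer" result only means the installed version is above 1.0.6; the page does not name the patched version, so confirm it against the Patchstack entry.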

Priority Score

0
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0
