CVE-2025-62150
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in themesawesome History Timeline timeline-awesome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects History Timeline: from n/a through <= 1.0.6.
AnalysisAI
Missing authorization controls in themesawesome History Timeline WordPress plugin versions through 1.0.6 permit exploitation of incorrectly configured access control, allowing unauthenticated or low-privileged users to bypass security restrictions and access protected functionality. The vulnerability stems from improper enforcement of access control checks (CWE-862), classified as a broken access control flaw. No public exploit code or active exploitation has been confirmed, though the low EPSS score (0.04%) suggests limited practical exploitation likelihood in real-world deployments.
Technical ContextAI
The vulnerability exists in the themesawesome History Timeline WordPress plugin, which provides timeline display and management functionality. The root cause is CWE-862 (Missing Authorization), indicating that the plugin fails to properly verify user permissions before allowing access to sensitive operations or data. WordPress plugins are server-side PHP applications loaded into the wp-content/plugins directory; broken access control flaws in WordPress plugins typically manifest when nonces are missing, role checks are absent, or capability verification is incomplete in AJAX handlers or REST endpoints. The affected CPE context is WordPress plugin ecosystem (cpe:2.25:a:themesawesome:history_timeline), where authorization bypass vulnerabilities can expose timeline creation, editing, deletion, or viewing capabilities to unauthorized users.
Affected ProductsAI
themesawesome History Timeline WordPress plugin in versions up to and including 1.0.6. The vulnerability affects all installations of this plugin that have not been updated beyond version 1.0.6. See Patchstack advisory for version distribution and deployment statistics.
RemediationAI
Update themesawesome History Timeline plugin to the latest available version beyond 1.0.6 immediately. Verify the exact patched version number from the Patchstack vulnerability database entry (https://patchstack.com/database/Wordpress/Plugin/timeline-awesome/vulnerability/wordpress-history-timeline-plugin-1-0-6-broken-access-control-vulnerability?_s_id=cve) or the official plugin repository. As an interim mitigation, restrict plugin access via WordPress user role management and verify that timeline functionality is only accessible to intended user roles via the WordPress admin interface.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today