CVE-2025-62932

HIGH
2025-10-27 [email protected]
CVSS 3.1: 8.8

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 15:22 (vuln.today)
CVE Published: Oct 27, 2025 - 02:15 (nvd), HIGH 8.8

Description (NVD)

Missing Authorization vulnerability in wprio Table Block by RioVizual riovizual allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Table Block by RioVizual: from n/a through <= 3.0.0.

Analysis (AI)

WordPress Table Block by RioVizual plugin versions through 3.0.0 contain a broken access control vulnerability that allows authenticated attackers with low privileges to bypass authorization checks and perform high-impact actions including data theft, modification, and service disruption. The CVSS score of 8.8 reflects network-accessible exploitation with low complexity requiring only minimal authentication. The EPSS score of 0.05% (15th percentile) suggests low immediate exploitation probability, with no public exploit identified at time of analysis.

Technical Context (AI)

This vulnerability stems from CWE-862 (Missing Authorization), a common server-side security weakness in web applications where the software fails to perform authorization checks before executing security-sensitive operations. In WordPress plugin architecture, this typically occurs when plugin endpoints or AJAX handlers do not validate user capabilities (such as checking for administrator, editor, or subscriber roles) before processing requests. The Table Block by RioVizual plugin appears to have exposed functionality through network-accessible interfaces (AV:N) without properly restricting access based on WordPress user role hierarchies, allowing low-privileged users (PR:L) to access administrative or privileged functions. The vulnerability affects all versions through 3.0.0, indicating a design-level authorization flaw rather than a recent regression.

Affected Products (AI)

The vulnerability impacts WordPress Table Block by RioVizual plugin versions from initial release through version 3.0.0 inclusive. This affects any WordPress installation running the riovizual plugin at or below version 3.0.0 where low-privilege user accounts exist. The vulnerability was reported by Patchstack's security audit team and detailed in their vulnerability database at https://patchstack.com/database/Wordpress/Plugin/riovizual/vulnerability/wordpress-table-block-by-riovizual-plugin-2-3-2-broken-access-control-vulnerability. Site administrators can verify their installed version through the WordPress Plugins admin panel.

Remediation (AI)

Site administrators should immediately upgrade the Table Block by RioVizual plugin to a version newer than 3.0.0 if available from the WordPress plugin repository or the vendor. Check the official WordPress plugin page for riovizual or contact the plugin developer (wprio) for patch availability. Until a patched version can be installed, temporary risk mitigation includes disabling the plugin if not actively required, restricting user registration to prevent untrusted low-privilege account creation, and auditing existing subscriber and contributor accounts for suspicious activity. Review WordPress user roles and remove unnecessary low-privilege accounts. Consult the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/riovizual/vulnerability/wordpress-table-block-by-riovizual-plugin-2-3-2-broken-access-control-vulnerability for additional vendor guidance and patch status updates. Monitor WordPress access logs for unusual authenticated activity from low-privilege accounts.
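The version check described under Affected Products and Remediation can be scripted across many installs. The following is an added example, not code from the advisory or the plugin: it reads the plugin header the way WordPress does and flags installs at or below 3.0.0. It assumes the install directory is named `riovizual`, matching the slug in the Patchstack URL.

```python
import re
from pathlib import Path

PLUGIN_SLUG = "riovizual"    # assumption: install dir matches the Patchstack URL slug
LAST_AFFECTED = (3, 0, 0)    # "through <= 3.0.0" per the CVE description

# WordPress reads plugin metadata from a comment header in a top-level PHP file.
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:[ \t]*\S", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M | re.I)

def parse_plugin_version(php_source):
    """Return the Version header of a main plugin file, else None."""
    head = php_source[:8192]  # WordPress only inspects the first 8 KiB
    if not NAME_RE.search(head):
        return None
    match = VERSION_RE.search(head)
    return match.group(1) if match else None

def version_tuple(version):
    """'3.0.1-beta' -> (3, 0, 1); short versions are zero-padded to 3 parts."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    return version_tuple(version) <= LAST_AFFECTED

def audit(wp_root):
    """Return (version, affected) for the plugin under wp_root, None if absent."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return None
    for php in sorted(plugin_dir.glob("*.php")):
        version = parse_plugin_version(php.read_text(errors="replace"))
        if version:
            return version, is_affected(version)
    return "unknown", True   # installed but no readable header: assume affected

if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(root, audit(root))
```

Pass one or more WordPress root directories as arguments; a result of `None` means the plugin directory is not present under that root.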
