Skip to main content

WP Grids EasyTest CVE-2025-63031

MEDIUM
Missing Authorization (CWE-862)
2025-12-31 audit@patchstack.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
CVSS changed
Apr 23, 2026 - 15:43 NVD
5.3 (MEDIUM)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 15:15 nvd
N/A

DescriptionCVE.org

Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyTest: from n/a through <= 1.0.1.

AnalysisAI

Missing authorization controls in WP Grids EasyTest plugin versions up to 1.0.1 allow unauthenticated attackers to bypass access restrictions and perform unauthorized actions due to incorrectly configured access control security levels. The vulnerability enables exploitation of broken access control without authentication, though real-world exploitation probability remains low at 0.04% EPSS. No public exploit code or active exploitation has been identified.

Technical ContextAI

This vulnerability stems from CWE-862 (Missing Authorization), a root cause class where the application fails to enforce proper access control checks on sensitive functionality. The WP Grids EasyTest WordPress plugin does not properly validate user permissions before allowing access to protected operations or resources. WordPress plugins are server-side PHP applications that extend WordPress functionality; improper access control at the plugin level can allow unauthenticated users or low-privilege users to interact with administrative or user-restricted features. The affected product is identified via the WordPress plugin ecosystem (convertpro plugin package), and the vulnerability affects all versions from the initial release through version 1.0.1.

Affected ProductsAI

WP Grids EasyTest WordPress plugin (convertpro package) versions from initial release through 1.0.1 are affected. Additional details and advisory information are available from Patchstack at https://patchstack.com/database/Wordpress/Plugin/convertpro/vulnerability/wordpress-easytest-plugin-1-0-1-broken-access-control-vulnerability.

RemediationAI

Users of WP Grids EasyTest should upgrade to the patched version released after 1.0.1 as soon as feasible. Refer to the plugin's WordPress.org page or contact the vendor for the specific patched version number. Until patching is possible, restrict plugin functionality through WordPress user role and capability filtering, and consider disabling the plugin entirely if it is not actively required. Detailed remediation guidance is available from Patchstack's vulnerability database entry.

Share

CVE-2025-63031 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy