CVE-2025-63031

2025-12-31

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 31, 2025 - 15:15 (nvd)

Description

Missing Authorization vulnerability in WP Grids EasyTest convertpro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EasyTest: from n/a through <= 1.0.1.

Analysis

Missing authorization controls in WP Grids EasyTest plugin versions up to 1.0.1 allow unauthenticated attackers to bypass access restrictions and perform unauthorized actions due to incorrectly configured access control security levels. Exploitation requires no authentication, though the real-world exploitation probability remains low at 0.04% EPSS. No public exploit code or active exploitation has been identified.

Technical Context

This vulnerability stems from CWE-862 (Missing Authorization), a root cause class where the application fails to enforce proper access control checks on sensitive functionality. The WP Grids EasyTest WordPress plugin does not properly validate user permissions before allowing access to protected operations or resources. WordPress plugins are server-side PHP applications that extend WordPress functionality; improper access control at the plugin level can allow unauthenticated users or low-privilege users to interact with administrative or user-restricted features. The affected product is identified via the WordPress plugin ecosystem (convertpro plugin package), and the vulnerability affects all versions from the initial release through version 1.0.1.

Affected Products

WP Grids EasyTest WordPress plugin (convertpro package) versions from initial release through 1.0.1 are affected. Additional details and advisory information are available from Patchstack at https://patchstack.com/database/Wordpress/Plugin/convertpro/vulnerability/wordpress-easytest-plugin-1-0-1-broken-access-control-vulnerability.

Remediation

Users of WP Grids EasyTest should upgrade to the patched version released after 1.0.1 as soon as feasible. Refer to the plugin's WordPress.org page or contact the vendor for the specific patched version number. Until patching is possible, restrict plugin functionality through WordPress user role and capability filtering, and consider disabling the plugin entirely if it is not actively required. Detailed remediation guidance is available from Patchstack's vulnerability database entry.

Priority Score

Score: 0 (scale: Low, Medium, High, Critical)

KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0
