CVE-2025-68557

2025-12-23 [email protected]

Lifecycle Timeline

Analysis Generated: Apr 01, 2026 - 17:44 (vuln.today)
CVE Published: Dec 23, 2025 - 12:15 (nvd)

Description (NVD)

Missing Authorization vulnerability in Vikas Ratudi Chakra test chakra-test allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chakra test: from n/a through <= 1.0.1.

Analysis (AI)

Chakra test WordPress plugin version 1.0.1 and earlier fails to properly enforce access control restrictions, allowing unauthenticated or lower-privileged users to bypass authentication mechanisms and access restricted functionality. The vulnerability stems from incorrectly configured security levels that do not validate user permissions before executing sensitive operations. Despite the missing authorization flaw, the issue is tracked with an exceptionally low EPSS score (0.04%), suggesting limited real-world exploitation relative to the theoretical risk.

Technical Context (AI)

The vulnerability exists in the Chakra test WordPress plugin and is classified as CWE-862 (Missing Authorization), which occurs when a software system fails to perform proper access control checks before allowing users to perform privileged actions. WordPress plugins implementing custom functionality must leverage WordPress's built-in role and capability checking functions (such as current_user_can()) to verify that the requesting user has the necessary permissions; the Chakra test plugin appears to omit or incorrectly implement these checks. The plugin likely exposes WordPress admin functions, AJAX handlers, or REST API endpoints without proper authorization validation, allowing direct exploitation by authenticated low-privilege users or in some cases unauthenticated attackers depending on the specific vulnerable code path.
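To make the CWE-862 pattern concrete, the following is an added illustration written for this page; it is not code from the Chakra test plugin, and the hook names, option name, capability and nonce action (`demo_reset_settings`, `demo_plugin_settings`, `manage_options`, `demo_reset_settings_nonce`) are hypothetical. It contrasts an AJAX handler and a REST route that perform a privileged action with no authorization check against the hardened forms that gate the action on `current_user_can()`, a nonce, and a REST `permission_callback`.

```php
<?php
// Added example (hypothetical plugin code, not from Chakra test).
// Shows a missing-authorization (CWE-862) handler and its hardened form.

// --- Vulnerable pattern -----------------------------------------------------
// Registered for both logged-in and unauthenticated callers (wp_ajax_nopriv_),
// and the handler never checks capabilities before a privileged action.
add_action( 'wp_ajax_demo_reset_settings',        'demo_reset_settings_vulnerable' );
add_action( 'wp_ajax_nopriv_demo_reset_settings', 'demo_reset_settings_vulnerable' );
function demo_reset_settings_vulnerable() {
    delete_option( 'demo_plugin_settings' ); // privileged action, no authorization
    wp_send_json_success( 'reset' );
}

// --- Hardened pattern -------------------------------------------------------
// Only the logged-in hook is registered; anonymous requests never reach it.
add_action( 'wp_ajax_demo_reset_settings', 'demo_reset_settings_secure' );
function demo_reset_settings_secure() {
    // Authorization: the caller must hold the capability for this action.
    // wp_send_json_error() terminates the request, so nothing below runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // CSRF protection: the request must carry a nonce this plugin issued
    // (the nonce is created elsewhere with wp_create_nonce( 'demo_reset_settings_nonce' )).
    check_ajax_referer( 'demo_reset_settings_nonce', 'nonce' );

    delete_option( 'demo_plugin_settings' );
    wp_send_json_success( 'reset' );
}

// --- Same check for a REST route --------------------------------------------
// A permission_callback that returns true is equivalent to no check at all;
// the hardened route delegates the decision to current_user_can().
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/reset', array(
        'methods'             => 'POST',
        'callback'            => function () {
            delete_option( 'demo_plugin_settings' );
            return rest_ensure_response( array( 'status' => 'reset' ) );
        },
        // Vulnerable equivalent would be: 'permission_callback' => '__return_true',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );
```

Two checks are doing different jobs here: `current_user_can()` answers "is this user allowed to do this" (authorization, the control CWE-862 is about), while the nonce answers "did this user intend this request" (CSRF). A handler needs both; a nonce alone does not stop a low-privilege account from calling the endpoint directly, and a capability check alone does not stop a logged-in administrator from being tricked into triggering it.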

Affected Products (AI)

Chakra test WordPress plugin versions from an unspecified baseline through version 1.0.1. The vulnerability was reported by Patchstack and is documented in their vulnerability database for the Chakra test plugin. No CPE identifier is directly available in the provided data, but the plugin can be identified via standard WordPress plugin naming conventions as found on the WordPress.org plugin repository.

Remediation (AI)

Users of the Chakra test WordPress plugin should immediately update to a patched version beyond 1.0.1 if available from the plugin author. The primary remediation is upgrading to the latest available release that includes authorization fixes; however, patch availability and specific fixed versions are not documented in the provided references. As an interim mitigation, WordPress administrators should restrict plugin access by disabling the plugin entirely if it is not actively required, limiting user roles that can interact with plugin functionality through WordPress permission management, or isolating the plugin's capabilities through additional server-level access controls. For detailed patch information and vendor advisory updates, consult the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/chakra-test/vulnerability/wordpress-chakra-test-plugin-1-0-1-broken-access-control-vulnerability.
