Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Network-reachable with no authentication per CWE-862 bypass; scope unchanged and impact limited to low integrity writes with no data disclosure or availability loss.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Missing Authorization vulnerability in Sovlix MeetingHub meetinghub allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MeetingHub: from n/a through <= 1.25.10.
AnalysisAI
Missing authorization in the MeetingHub WordPress plugin (versions through 1.25.10) allows unauthenticated remote attackers to exploit incorrectly configured access control and perform unauthorized integrity-affecting actions. The CVSS vector (PR:N/AV:N/AC:L/UI:N) confirms no authentication or user interaction is required, making any WordPress installation running an affected version directly exposed from the network. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special attacker-side conditions are required - the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms remote unauthenticated exploitation against any WordPress site running MeetingHub 1.25.10 or earlier with the plugin active. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The NVD CVSS 3.1 score of 5.3 Medium (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) accurately captures the moderate real-world risk: the attack is trivially reachable from the internet with no authentication, but the blast radius is limited to integrity modifications (I:L) with zero confidentiality or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker scans for WordPress sites with MeetingHub installed, then crafts an HTTP POST or GET request directly to the vulnerable plugin endpoint (AJAX action or REST route) without supplying any authentication credentials or cookies. The missing authorization check allows the request to proceed, enabling the attacker to modify meeting records, bookings, or other plugin-managed data. … |
| Remediation | Update the MeetingHub plugin to a version beyond 1.25.10 via the WordPress plugin dashboard or wp-cli (wp plugin update meetinghub). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43399