Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.7.
AnalysisAI
Missing authorization in WP Chill Revive.so plugin versions up to 2.0.7 allows unauthenticated remote attackers to bypass access controls and read sensitive information via incorrectly configured access control security levels. The vulnerability has an EPSS score of 0.02% (4th percentile), indicating minimal real-world exploitation probability despite the moderate CVSS 5.3 score. No public exploit code or active exploitation has been confirmed.
Technical ContextAI
This is a missing authorization vulnerability (CWE-862) in the WordPress plugin Revive.so, affecting all versions from the beginning through 2.0.7. The root cause is improper access control implementation that fails to enforce proper authorization checks before exposing sensitive data or functionality. The vulnerability allows unauthenticated attackers (CVSS PR:N) to exploit misconfigured security levels via network access (AV:N) with low complexity (AC:L). The CPE designation cpe:2.3:a:wp_chill:revive.so:*:*:*:*:*:*:*:* confirms the plugin is developed by WP Chill and affects all variants and versions up to the currently vulnerable release.
RemediationAI
Update the WP Chill Revive.so plugin to version 2.0.8 or later, which contains the fix for the missing authorization vulnerability. This update should be applied immediately through the WordPress plugin management interface or by manual upload. Refer to the Patchstack vulnerability database entry (https://patchstack.com/database/Wordpress/Plugin/revive-so/vulnerability/wordpress-revive-so-plugin-2-0-7-broken-access-control-vulnerability?_s_id=cve) for detailed advisory information and patch confirmation. No workarounds are available for this access control issue, making patching the only effective mitigation.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20203
GHSA-g4m4-g557-q87f