CVE-2025-47534

{"id": "CVE-2025-47534", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-05-16T16:15:41.847", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-3-25-0-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en ValvePress Wordpress Auto Spinner permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Auto Spinner de WordPress desde la versi\u00f3n n/d hasta la 3.25.0."}], "lastModified": "2025-05-19T13:35:50.497", "sourceIdentifier": "audit@patchstack.com"}