What the vulnerability does
01Description
In messaging service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.
CVSS base score
—
Key dates
02Disclosure timeline
October 14, 2022
CVE published
May 15, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2024-37209 WordPress User Rights Access Manager plugin <= 1.1.2 - Broken Access Control vulnerability
CVE-2024-37201 WordPress Woocommerce Customers Order History plugin <= 5.2.2 - Broken Access Control vulnerability
CVE-2026-2233 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.2.8 - Missing Authorization to Unauthenticated Arbitrary Post Modification via 'post_id' Parameter
CVE-2025-31581 WordPress WP Video Playlist plugin <= 1.1.2 - Settings Change vulnerability
CVE-2024-8548 KB Support – WordPress Help Desk and Knowledge Base <= 1.6.6 - Missing Authorization to Authenticated (Subscriber+) Multiple Administrator Actions
