What the vulnerability does
01Description
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
CVSS base score
—
Key dates
02Disclosure timeline
January 4, 2023
CVE published
April 10, 2025
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2023-51519 WordPress Slider by Soliloquy – Responsive Image Slider for WordPress plugin <= 2.7.2 - Broken Access Control vulnerability
CVE-2024-12719 WordPress File Upload <= 4.24.15 - Missing Authorization to Authenticated (Subscriber+) Limited Path Traversal
CVE-2025-39561 WordPress LoginWP - Pro Plugin <= 4.0.8.5 - Broken Access Control vulnerability
CVE-2023-51670 WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability
CVE-2024-10853 Buy one click WooCommerce <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Order Deletion
