CVE-2025-23917 MEDIUM

CVE-2025-23917: WordPress Chamber Dashboard Business Directory Plugin <= 3.3.8 - Broken Access Control vulnerability

Vendor Chandrika Guntur, Morgan Kay
Product Chamber Dashboard Business Directory
Weakness CWE-862 · Missing authorization
Published January 16, 2025
Last update April 28, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8.

Key dates

02Disclosure timeline

January 16, 2025 CVE published
April 28, 2026 Record updated