CVE-2025-49950 HIGH

CVE-2025-49950: WordPress Official Integration for Billingo plugin <= 4.3.0 - Privilege Escalation vulnerability

Vendor Billingo

Product Official Integration for Billingo

Weakness CWE-862 · Missing authorization

Published October 22, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

7.2/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Missing Authorization vulnerability in billingo Official Integration for Billingo billingo allows Privilege Escalation.This issue affects Official Integration for Billingo: from n/a through <= 4.3.0.

Key dates

02Disclosure timeline

October 22, 2025 CVE published

April 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-49950

Related vulnerabilities

04Related CVE

CVE-2022-3007 Unauthorized Access Vulnerability in Syska SW100 Smartwatch CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures) CVE-2024-31281 WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability CVE-2025-66133 WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent plugin <= 4.0.7 - Broken Access Control vulnerability CVE-2023-38383 WordPress Language plugin <= 1.2.1 - Broken Access Control vulnerability