CVE-2025-53337 MEDIUM

CVE-2025-53337: WordPress LifePress plugin <= 2.1.3 - Broken Access Control vulnerability

Vendor Ashan Perera

Product LifePress

Weakness CWE-862 · Missing authorization

Published August 28, 2025

Last update April 28, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in Ashan Perera LifePress lifepress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LifePress: from n/a through <= 2.1.3.

Explanation of Vulnerability in Simple Terms

02Summary

LifePress versions 2.1.3 and earlier lack proper authorization checks, allowing authenticated users to modify or disable site functionality. An attacker with a low-privilege account can alter data or disrupt service availability without proper permission validation. Update to a version newer than 2.1.3 to resolve this issue.

What an attacker can do

03Attacker Capabilities

Modify site data or disrupt availability with a low-privilege user account.

Potential impact on your site

04Site Impact

Authenticated users can alter content or disable features without proper authorization.

Conditions required to exploit

05Prerequisites

Attacker must have a valid low-privilege user account on the site.

Key dates

06Disclosure timeline

August 28, 2025 CVE published

April 28, 2026 Record updated

External resources

07References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-53337 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities