What the vulnerability does
01Description
Missing Authorization vulnerability in nikmelnik Realbig realbig-media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Realbig: from n/a through <= 1.1.3.
CVE-2025-62147
MEDIUM
CVE-2025-62147: WordPress Realbig plugin <= 1.1.3 - Broken Access Control vulnerability
CVSS base score
5.3/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
02Summary
Realbig versions 1.1.3 and earlier lack proper authorization checks, allowing unauthenticated attackers to modify data on the site. The vulnerability requires only network access and no user interaction. An attacker can alter information without needing valid credentials or victim involvement.
What an attacker can do
03Attacker Capabilities
Modify site data without authentication.
Potential impact on your site
04Site Impact
Unauthorized changes to site content or configuration by remote attackers.
Conditions required to exploit
05Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06Disclosure timeline
December 31, 2025
CVE published
April 28, 2026
Record updated
External resources
07References
Related vulnerabilities
08Related CVE
CVE-2025-5282 WP Travel Engine <= 6.5.1 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
CVE-2024-2292 Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data
CVE-2024-45461 Apache CloudStack Quota plugin: Access checks not enforced in Quota
CVE-2024-53798 WordPress FloristPress plugin <= 7.3.0 - Nonce Leakage to Broken Access Control vulnerability
CVE-2026-25317 WordPress Print Invoice & Delivery Notes for WooCommerce plugin <= 5.9.0 - Broken Access Control vulnerability
