CVE-2025-62938 MEDIUM

CVE-2025-62938: WordPress Reoon Email Verifier plugin <= 2.0.1 - Broken Access Control vulnerability

Vendor Reoon Technology
Product Reoon Email Verifier
Weakness CWE-862 · Missing authorization
Published October 27, 2025
Last update April 28, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in Reoon Technology Reoon Email Verifier reoon-email-verifier allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reoon Email Verifier: from n/a through <= 2.0.1.

Explanation of Vulnerability in Simple Terms

02Summary

Reoon Email Verifier versions 2.0.1 and earlier lack proper authorization checks, allowing authenticated users to trigger a denial-of-service condition. An attacker with low-level account access can exhaust the application's availability without requiring user interaction. The vulnerability affects the service's ability to respond to legitimate requests.

What an attacker can do

03Attacker Capabilities

Disrupt the service's availability by exhausting resources through repeated requests.

Potential impact on your site

04Site Impact

Legitimate users may experience service unavailability or degraded performance during an attack.

Conditions required to exploit

05Prerequisites

Attacker must have a valid low-privilege account on the system.

Key dates

06Disclosure timeline

October 27, 2025 CVE published
April 28, 2026 Record updated