What the vulnerability does
01Description
Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1.
CVE-2025-66065
MEDIUM
CVE-2025-66065: WordPress Gutenverse plugin <= 3.2.1 - Broken Access Control vulnerability
CVSS base score
6.5/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Explanation of Vulnerability in Simple Terms
02Summary
Gutenverse versions up to 3.2.1 lack proper authorization checks, allowing authenticated users with low privileges to modify content they should not have access to. An attacker with a basic user account can change site data without restriction. The vulnerability affects the integrity of site content but does not expose sensitive information or cause downtime. Update to version 3.8.1 or later to resolve this issue.
What an attacker can do
03Attacker Capabilities
Modify or alter site content and data without proper permission checks.
Potential impact on your site
04Site Impact
Unauthorized users can alter published content, pages, or settings, compromising site integrity and trustworthiness.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site; no special user interaction required.
Key dates
06Disclosure timeline
November 21, 2025
CVE published
April 28, 2026
Record updated
External resources
07References
Related vulnerabilities
08Related CVE
CVE-2023-5417 Funnelforms Free <= 3.4 - Missing Authorization to Category Update
CVE-2025-31798 WordPress Publitio Plugin <= 2.1.8 - Broken Access Control vulnerability
CVE-2025-11669 Broken Access Control
CVE-2026-27151 Discourse doesn't validate destination topic when moving posts
CVE-2021-39347 Stripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account Hijacking
