CVE-2025-68585 LOW

CVE-2025-68585: WordPress WP Document Revisions plugin <= 3.7.2 - Broken Access Control vulnerability

Vendor Ben Balter
Product WP Document Revisions
Weakness CWE-862 · Missing authorization
Published December 24, 2025
Last update April 28, 2026

CVSS base score

2.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Missing Authorization vulnerability in Ben Balter WP Document Revisions wp-document-revisions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Document Revisions: from n/a through <= 3.7.2.

Explanation of Vulnerability in Simple Terms

02Summary

WP Document Revisions versions 3.7.2 and earlier lack proper authorization checks on certain operations. An administrator can modify document metadata or settings in ways that bypass intended access restrictions. The vulnerability requires high-level privileges and has limited impact on data integrity.

What an attacker can do

03Attacker Capabilities

Modify document metadata or settings while bypassing intended access restrictions.

Potential impact on your site

04Site Impact

Administrators could inadvertently alter document properties or settings in unintended ways if access controls are misconfigured.

Conditions required to exploit

05Prerequisites

Attacker must have administrator-level access to the WordPress site.

Key dates

06Disclosure timeline

December 24, 2025 CVE published
April 28, 2026 Record updated