CVE-2025-22721

{"id": "CVE-2025-22721", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-01-21T18:15:15.880", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/apply-online/vulnerability/wordpress-applyonline-plugin-2-6-7-1-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline \u2013 Application Form Builder and Manager: from n/a through 2.6.7.1."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a ApplyOnline \u2013 Application Form Builder and Manager: desde n/a hasta 2.6.7.1."}], "lastModified": "2025-01-21T18:15:15.880", "sourceIdentifier": "audit@patchstack.com"}