CVE-2025-23961

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 16, 2025

CWE ID 862

Summary

CVE-2025-23961 is a Missing Authorization vulnerability affecting the WP Tasker plugin for WordPress, specifically its Graphs & Charts feature. The flaw allows unauthorized users to exploit incorrectly configured access control security levels, potentially gaining unauthorized access to sensitive information or functionality. This issue affects WP Tasker Graphs & Charts versions from n/a through 2.0.8. WordPress users are advised to upgrade to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2hZb6d
https://www.cve.org/CVERecord?id=CVE-2025-23961
https://nvd.nist.gov/vuln/detail/CVE-2025-23961

Back to Vulnerability Database

CVE-2025-23961

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations