CVE Catalog

CVE-2025-66076

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

The Woostify Sites Library plugin version 1.6.2 and earlier contains a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized access to template library functions.

Risk Assessment

An unauthenticated attacker can access sensitive resources or administrative functions, potentially leading to data leakage or unauthorized modifications to the site.

Recommendation

Immediately update the Woostify Sites Library plugin to the latest available version that addresses this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS