WordPress Plugin Vulnerabilities

WP Wand < 1.2.6 - Missing Authorization

Description

The WP Wand plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to utilize the plugins functionality.

Affects Plugins

Plugin icon
ai-content-generation
Fixed in 1.2.6

References

CVE
CVE-2025-22302
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5347f988-6ee3-4e9b-ab55-4debe074aa12

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Dhabaleshwar Das
Verified
No
WPVDB ID
1f98014e-76f7-4111-97ea-b2801b1bcc97

Timeline

Publicly Published
2025-01-06 (about 1 year ago)
Added
2025-01-15 (about 1 year ago)
Last Updated
2025-01-15 (about 1 year ago)

Other

Published
Title
Published
2026-03-18
Title
WPVulnerability < 4.2.1.1 - Missing Authorization
Published
2024-07-04
Title
Charitable < 1.8.1.8 - Missing Authorization to Unauthorized Donation
Published
2025-04-04
Title
Order Delivery Date Pro for WooCommerce < 12.3.1 - Unauthenticated Arbitrary Option Update
Published
2025-10-14
Title
Library Management System < 3.2 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation
Published
2024-09-24
Title
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. Also, Display Google sheet as a Table. < 3.8.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update