WordPress Plugin Vulnerabilities

Gutentor < 3.5.3 - Missing Authorization

Description

The plugin is vulnerable to unauthorized access due to a missing capability check on a function. This makes it possible for authenticated attackers, with contributor-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
gutentor
Fixed in 3.5.3

References

CVE
CVE-2025-58680
URL
https://patchstack.com/database/wordpress/plugin/gutentor/vulnerability/wordpress-gutentor-plugin-3-5-2-broken-access-control-vulnerability

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
n0_arafat_n0
Verified
No
WPVDB ID
788fd59d-9528-4640-85a1-a9788aa4b25b

Timeline

Publicly Published
2025-09-22 (about 9 months ago)
Added
2025-09-26 (about 9 months ago)
Last Updated
2025-10-22 (about 8 months ago)

Other

Published
Title
Published
2024-12-24
Title
MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution < 2.0.25 - Missing Authorization
Published
2023-05-04
Title
Multi Rating <= 5.0.6 - Unauthenticated Ratings Update
Published
2026-02-26
Title
Simply Schedule Appointments < 1.6.11.1 - Missing Authorization
Published
2025-01-07
Title
1003 Mortgage Application <= 1.87 - Missing Authorization
Published
2022-12-15
Title
Royal Elementor Addons < 1.3.56 - Subscriber+ Arbitrary Post Creation