WordPress Plugin Vulnerabilities

Wappointment <=2.7.2 - Missing Authorization

Description

The Wappointment plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.7.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
wappointment
No known fix

References

CVE
CVE-2025-68575
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/7e3fe5f1-87a9-491e-8ea4-2c6160bcbc20

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
daroo
Verified
No
WPVDB ID
d030e6ae-fba8-4c21-8c6b-6d0216b5f9dd

Timeline

Publicly Published
2025-12-21 (about 3 months ago)
Added
2026-01-06 (about 2 months ago)
Last Updated
2026-01-06 (about 2 months ago)

Other

Published
Title
Published
2025-01-03
Title
Hide Category by User Role for WooCommerce < 2.2 - Subscriber+ Arbitrary Content Deletion
Published
2023-11-13
Title
Delete Duplicate Posts < 4.9 - Missing Authorization via AJAX Actions
Published
2026-01-19
Title
GDPR CCPA Compliance Support < 2.7.5 - Missing Authorization
Published
2025-10-16
Title
SmartCrawl < 3.14.4 - Missing Authorization
Published
2025-05-07
Title
QS Dark Mode <= 3.0 - Missing Authorization