CVE-2023-25446
published 2025-12-21CVE-2023-25446: Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This…
PriorityP275high7.7CVSS 3.1
AVNACLPRLUINSCCNINAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.35%
26.6th percentile
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| happyfiles | happyfiles_pro | n/a – 1.8.1 | — |
CVSS provenance
nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
vulncheck7.7HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6jvq-p5jv-23xf: Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Level
ghsa_unreviewed·2025-12-21
CVE-2023-25446 [HIGH] CWE-862 GHSA-6jvq-p5jv-23xf: Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Level
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
VulnCheck
HappyFiles Pro Arbitrary File Deletion Vulnerability
vulncheck·2023·CVSS 7.7
CVE-2023-25446 [HIGH] HappyFiles Pro Arbitrary File Deletion Vulnerability
HappyFiles Pro Arbitrary File Deletion Vulnerability
HappyFiles Pro is vulnerable to a data modification due to a missing capability check. This could allow actions to be performed by unatuhorised users such as deleting arbitrary files.
Affected: HappyFiles HappyFiles Pro
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/happyfiles-pro/happyfiles-pro-181-missing-authorization-to-arbitrary-file-deletion
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-12-21
Published
Exploited in the wild