CVE-2025-24588 — Missing Authorization in Wordpress

CWE-862 — Missing Authorization CWE-354 — Improper Validation of Integrity Check Value5 documents5 sources

Severity

3.5LOW

No vector

EPSS

0.2%

top 62.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Patreon Wordpress

Timeline

PublishedJan 24

Latest updateJun 16

Description

Missing Authorization vulnerability in patreon Patreon WordPress patreon-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Patreon WordPress: from n/a through <= 1.9.1.

Affected Packages1 packages

▶CVEListV5patreon/patreon_wordpress1.9.1

🔴Vulnerability Details

Kernel

wifi: prevent A-MSDU attacks in mesh networks↗2025-06-16

▶

CVEList

WordPress Patreon WordPress plugin <= 1.9.1 - Broken Access Control vulnerability↗2025-01-24

▶

GHSA

GHSA-3v34-886r-p598: Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels↗2025-01-24

▶