CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-23766: WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability

6.5 CVSS

Description

Missing Authorization vulnerability in ashamil OPSI Israel Domestic Shipments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects OPSI Israel Domestic Shipments: from n/a through 2.6.6.

Classification

CVE ID: CVE-2025-23766

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products

Vendor: ashamil

Product: OPSI Israel Domestic Shipments

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.99% (scored less or equal to compared to others)

EPSS Date: 2025-03-15 (when was this score calculated)

References

https://patchstack.com/database/wordpress/plugin/woo-ups-pickup/vulnerability/wordpress-opsi-israel-domestic-shipments-plugin-2-6-3-broken-access-control-vulnerability?_s_id=cve

Timeline

2025-02-15 00:33:25 UTC
CVE

WordPress OPSI Israel Domestic Shipments plugin <= 2.6.6 - Broken Access Control vulnerability