CVE-2025-24778: WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability

5.4 CVSS

Description

Missing Authorization vulnerability in De paragon No Spam At All allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects No Spam At All: from n/a through 1.3.

Classification

CVE ID: CVE-2025-24778

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Problem Types

CWE-862 Missing Authorization

Affected Products

Vendor: De paragon

Product: No Spam At All

References

https://nvd.nist.gov/vuln/detail/CVE-2025-24778
https://patchstack.com/database/wordpress/plugin/no-spam-at-all/vulnerability/wordpress-no-spam-at-all-1-3-broken-access-control-vulnerability?_s_id=cve

Timeline

2025-06-06 13:40:22 UTC
CVE

WordPress No Spam At All <= 1.3 - Broken Access Control Vulnerability