CVE-2025-28985: WordPress Elastic Email Subscribe Form <= 1.2.2 - Broken Access Control Vulnerability

5.4 CVSS

Description

Missing Authorization vulnerability in the Elastic Email Subscribe Form plugin (vendor: Elastic Email) allows exploiting incorrectly configured access control security levels. This issue affects Elastic Email Subscribe Form versions up to and including 1.2.2.

Classification

CVE ID: CVE-2025-28985

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Problem Types

CWE-862 Missing Authorization

Affected Products

Vendor: Elastic Email

Product: Elastic Email Subscribe Form

References

https://nvd.nist.gov/vuln/detail/CVE-2025-28985
https://patchstack.com/database/wordpress/plugin/elastic-email-subscribe-form/vulnerability/wordpress-elastic-email-subscribe-form-1-2-2-broken-access-control-vulnerability?_s_id=cve

Timeline