Missing Authorization Vulnerability in Mark Posts Plugin by Sven Hofmann & Michael Schoenrock
CVE-2025-23963
5.4MEDIUM
What is CVE-2025-23963?
A missing authorization vulnerability in the Mark Posts plugin, developed by Sven Hofmann & Michael Schoenrock, could allow unauthorized users to exploit incorrectly configured access control security levels. This issue affects all versions of Mark Posts from n/a up to 2.2.3, potentially compromising data integrity and access restrictions.
Affected Version(s)
Mark Posts <= 2.2.3
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)