Missing Authorization Vulnerability in Thim Elementor Kit by ThimPress
CVE-2025-24725

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Thim Elementor Kit
Vendor: CVE Published:; 24 January 2025

What is CVE-2025-24725?

A missing authorization vulnerability exists in the Thim Elementor Kit, allowing for the exploitation of improperly configured access control security levels. This issue poses a risk to users by potentially allowing unauthorized access to certain functionalities. The vulnerability affects all versions of Thim Elementor Kit from n/a through 1.2.8. Organizations using this plugin should assess their installations and apply necessary security measures to mitigate potential risks.

Affected Version(s)

Thim Elementor Kit <= 1.2.8

References

https://patchstack.com/database/wordpress/plugin/thim-ele...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 24, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Prissy (Patchstack Alliance)