Access Control Vulnerability in No Spam At All Plugin by De Paragon
CVE-2025-24778

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: No Spam At All
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-24778?

The No Spam At All plugin by De Paragon suffers from a Missing Authorization vulnerability due to incorrectly configured access control security levels. This flaw enables unauthorized users to gain access, raising concerns about data security and integrity. The affected versions include all prior to 1.3 and the plugin is integral for preventing spam in WordPress sites. Users should assess their configurations to remediate potential threats.

Affected Version(s)

No Spam At All <= 1.3

References

https://patchstack.com/database/wordpress/plugin/no-spam-...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

ch4r0n (Patchstack Alliance)