Access Control Flaw in JetTricks Plugin by NotFound
CVE-2025-26942

7.5HIGH

Key Information:

Vendor: Notfound
Status: Jettricks
Vendor: CVE Published:; 15 April 2025

Summary

The NotFound JetTricks plugin for WordPress has a missing authorization vulnerability that allows unauthorized users to access functions not properly constrained by Access Control Lists (ACLs). This issue could lead to unauthorized actions within the plugin, affecting the security of websites utilizing this plugin. Users of JetTricks versions prior to 1.5.1 should take immediate action to address this vulnerability.

Affected Version(s)

JetTricks <= 1.5.1

References

https://patchstack.com/database/wordpress/plugin/jet-tric...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

stealthcopter (Patchstack Alliance)