Missing Authorization Vulnerability in NotFound Unlimited Timeline Product
CVE-2025-27008

7.5HIGH

Key Information:

Vendor: Notfound
Status: Unlimited Timeline
Vendor: CVE Published:; 15 April 2025

What is CVE-2025-27008?

A Missing Authorization vulnerability in the NotFound Unlimited Timeline plugin allows unauthorized access to functions that are not properly protected by Access Control Lists (ACLs). This flaw can expose sensitive functionalities to malicious actors, leading to potential data breaches or unauthorized actions within the application.

Affected Version(s)

Unlimited Timeline < 1.6.1

References

https://patchstack.com/database/wordpress/plugin/unlimite...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Tran Nguyen Bao Khanh(VCI - VNPT) (Patchstack Alliance)

Notfound

What is CVE-2025-27008?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit