Missing Authorization Vulnerability in WP Lead Capturing Pages by Kamleshyadav
CVE-2025-31425
7.5HIGH
What is CVE-2025-31425?
A missing authorization vulnerability has been identified in the WP Lead Capturing Pages plugin by Kamleshyadav, which enables attackers to exploit incorrectly configured access control security levels. This flaw can potentially lead to unauthorized access to sensitive data, as it fails to enforce proper checks for user permissions. The affected versions, ranging from n/a through 2.3, are at risk, and users should take immediate measures to mitigate this security issue.
Affected Version(s)
WP Lead Capturing Pages <= 2.3
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)