Authorization Flaw in NotFound Site Notify Affects Access Control Settings
CVE-2025-32240

6.5MEDIUM

Key Information:

Vendor: Notfound
Status: Site Notify
Vendor: CVE Published:; 10 April 2025

What is CVE-2025-32240?

The NotFound Site Notify plugin for WordPress has a missing authorization vulnerability that can lead to improperly configured access control settings. This flaw enables unauthorized users to exploit the system, potentially gaining access to sensitive features and data. The issue affects versions from n/a through 1.0, emphasizing the need for immediate attention and remediation to secure WordPress sites utilizing this plugin.

Affected Version(s)

Site Notify <= 1.0

References

https://patchstack.com/database/wordpress/plugin/site-not...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 10, 2025

JSON

Notfound

What is CVE-2025-32240?

Affected Version(s)

References

CVSS V3.1

Timeline