Authorization Flaw in Dastan800 Visual Header Affects WordPress Plugin
CVE-2025-48275

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Visual Header
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-48275?

A vulnerability in the Dastan800 Visual Header plugin for WordPress has been identified, allowing unauthorized access due to incorrectly configured access control settings. This flaw can potentially expose sensitive information or enable unauthorized actions by exploiting the absence of proper authorization checks. Affected users are advised to review their configurations and apply necessary mitigations immediately.

Affected Version(s)

Visual Header <= 1.3

References

https://patchstack.com/database/wordpress/plugin/visual-h...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
May 19, 2025

Credit

HLog (Patchstack Alliance)