Missing Authorization Vulnerability in Majestic Support Plugin by Majestic Support
CVE-2025-49860

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Majestic Support
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-49860?

A missing authorization vulnerability has been identified in the Majestic Support Plugin, which allows unauthorized users to access sensitive functionalities and data. This flaw impacts versions of the plugin up to 1.1.0, highlighting the importance of implementing proper access controls. Users of the Majestic Support Plugin are advised to review their security measures and apply any available patches to mitigate potential risks.

Affected Version(s)

Majestic Support <= 1.1.0

References

https://patchstack.com/database/wordpress/plugin/majestic...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Fariq Fadillah Gusti Insani (Patchstack Alliance)

WordPress

What is CVE-2025-49860?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit