Access Control Flaw in Nuss Product by uxper
CVE-2025-52804

7.5HIGH

Key Information:

Vendor: WordPress
Status: Nuss
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-52804?

A missing authorization vulnerability exists in uxper's Nuss product, allowing unauthorized users to access functionalities that are not properly protected by Access Control Lists (ACLs). This flaw affects versions from n/a through 1.3.3 of the Nuss product, posing significant risks to user data and system integrity.

Affected Version(s)

Nuss <= 1.3.3

References

https://patchstack.com/database/wordpress/theme/nuss/vuln...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Thái An (Patchstack Alliance)

WordPress

What is CVE-2025-52804?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit