Missing Authorization Flaw in Horea Radu One Page Express Companion Plugin
CVE-2025-62052

Currently unrated

Key Information:

Vendor

WordPress
Status
One Page Express Companion
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62052?

A missing authorization vulnerability in the One Page Express Companion plugin by Horea Radu allows an unauthenticated attacker to bypass access controls, potentially gaining unauthorized access to sensitive functionalities. This flaw affects versions prior to 1.6.43, posing risks for users who have not updated their installations. Proper access management measures should be taken to prevent exploitation.

Affected Version(s)

One Page Express Companion <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/one-...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter (Patchstack Alliance)
JSON
.
CVE-2025-62052 : Missing Authorization Flaw in Horea Radu One Page Express Companion Plugin