Missing Authorization Vulnerability in WowRevenue Plugin from WPXPO
CVE-2025-62070

Currently unrated

Key Information:

Vendor

WordPress
Status
Wowrevenue
Vendor
CVE Published:
22 October 2025

What is CVE-2025-62070?

The WowRevenue plugin by WPXPO contains a missing authorization vulnerability that allows unauthorized access to sensitive functionalities. This issue affects versions up to 1.2.13, potentially exposing user data and operations within the site. Website administrators using this plugin should update to the latest version to mitigate the risk of exploitation.

Affected Version(s)

WowRevenue <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/reve...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter (Patchstack Alliance)
JSON
.
CVE-2025-62070 : Missing Authorization Vulnerability in WowRevenue Plugin from WPXPO