Missing Authorization Issue in Podlove Web Player by Gerrit Vanaaken
CVE-2025-62908

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 27 October 2025

What is CVE-2025-62908?

The Podlove Web Player by Gerrit Vanaaken has a missing authorization vulnerability: access control mechanisms are not properly implemented, allowing unauthorized users to access restricted functionality. The issue affects versions of the Podlove Web Player from n/a through 5.9.1, where Access Control Lists (ACLs) fail to secure certain operations effectively, potentially exposing sensitive user interactions. Users should apply patches and updates to mitigate this risk.

Affected Version(s)

Podlove Web Player <= n/a

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bao - BlueRock | Patchstack Bug Bounty Program