Broken Access Control in Effect Maker by Anibal Wainstein
CVE-2025-62914

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Effect Maker
Vendor: CVE Published:; 6 November 2025

What is CVE-2025-62914?

A missing authorization vulnerability exists in the Effect Maker plugin developed by Anibal Wainstein, which can lead to improperly configured access control levels. This issue may allow attackers to exploit the plugin and perform unauthorized actions, particularly in versions up to 1.2.1. It is essential for users of the affected versions to review their security settings and apply necessary mitigations to safeguard their WordPress sites from potential exploits.

Affected Version(s)

Effect Maker <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/effe...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Legion Hunter | Patchstack Bug Bounty Program

JSON