Missing Authorization Vulnerability in All in One Accessibility by Skynet Technologies USA LLC
CVE-2025-63004
4.3MEDIUM
What is CVE-2025-63004?
A missing authorization vulnerability exists in All in One Accessibility, developed by Skynet Technologies USA LLC. This flaw allows attackers to exploit incorrectly configured access control security levels, potentially giving unauthorized access to sensitive functionalities within the plugin. Affected versions are from n/a through 1.14. Administrators are advised to assess their configurations and update to secure their installations against potential exploits.
Affected Version(s)
All in One Accessibility <= 1.14
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Legion Hunter | Patchstack Bug Bounty program