Missing Authorization Vulnerability in Ivory Search Plugin by Vinod Dalvi
CVE-2025-63069
5.3MEDIUM
What is CVE-2025-63069?
The Ivory Search plugin by Vinod Dalvi is affected by a missing authorization vulnerability that arises from incorrectly configured access control security levels. This vulnerability allows unauthorized users to gain access to sensitive features, affecting versions of the plugin from n/a through 5.5.12. Website administrators should promptly assess their installations to ensure their security configurations are correctly set.
Affected Version(s)
Ivory Search <= n/a
References
CVSS V3.1
Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Que Thanh Tuan - Blue Rock | Patchstack Bug Bounty Program