Missing Authorization Vulnerability in WP-EXPERTS.IN Protect WP Admin
CVE-2025-64249

4.8MEDIUM

Key Information:

Vendor: WordPress
Status: Protect WP Admin
Vendor: CVE Published:; 16 December 2025

What is CVE-2025-64249?

The Protect WP Admin plugin by WP-EXPERTS.IN suffers from a missing authorization vulnerability that can lead to improperly configured access control levels. This flaw allows unauthorized users to exploit the system, potentially gaining access to restricted areas of the WordPress admin panel. Users of Protect WP Admin versions up to and including 4.1 should ensure they implement proper security measures to safeguard their websites from potential breaches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Protect WP Admin <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/protect-...

vdb-entry

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Oct 29, 2025

Credit

Legion Hunter | Patchstack Bug Bounty Program

JSON

WordPress