Missing Authorization in WebToffee Accessibility Toolkit by WebYes
CVE-2025-66112
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 21 November 2025
What is CVE-2025-66112?
The WebToffee Accessibility Toolkit by WebYes suffers from a missing authorization vulnerability, allowing attackers to exploit incorrectly configured access control mechanisms. This impacts versions from n/a to 2.0.4, potentially exposing sensitive administrative functionalities to unauthorized users. It's crucial for administrators to apply the necessary updates and security patches to safeguard their systems from potential exploitation.
Affected Version(s)
Accessibility Toolkit by WebYes <= n/a
References
CVSS V3.1
Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Legion Hunter | Patchstack Bug Bounty Program