Missing Authorization in WebToffee Accessibility Toolkit by WebYes
CVE-2025-66112
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 21 November 2025
What is CVE-2025-66112?
The WebToffee Accessibility Toolkit by WebYes suffers from a missing authorization vulnerability, allowing attackers to exploit incorrectly configured access control mechanisms. This impacts versions from n/a to 2.0.4, potentially exposing sensitive administrative functionalities to unauthorized users. It's crucial for administrators to apply the necessary updates and security patches to safeguard their systems from potential exploitation.
Affected Version(s)
Accessibility Toolkit by WebYes <= n/a