Missing Authorization Vulnerability in SALESmanago by SALESmanago
CVE-2025-68571

Currently unrated

Key Information:

Vendor

WordPress
Status
Salesmanago
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68571?

The SALESmanago platform is susceptible to a missing authorization vulnerability stemming from incorrectly configured access control security levels. This can allow unauthorized users to bypass security restrictions, potentially exposing sensitive data and functionality. The issue affects versions of SALESmanago up to and including 3.9.0, making it essential for users to review their security configurations and apply necessary patches.

Affected Version(s)

SALESmanago <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/sale...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68571 : Missing Authorization Vulnerability in SALESmanago by SALESmanago