Missing Authorization Issue in BBP Core by Spider Themes
CVE-2025-68572

Currently unrated

Key Information:

Vendor: WordPress
Status: Bbp Core
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68572?

A critical missing authorization vulnerability exists in the BBP Core plugin developed by Spider Themes, which may allow attackers to exploit incorrectly configured access control settings. This weakness compromises the intended security measures, enabling unauthorized access to sensitive functionalities. Users of BBP Core versions up to and including 1.4.1 are at risk and should take immediate action to secure their installations.