Missing Authorization Flaw in Wappointment by Wappointment Team
CVE-2025-68575

Currently unrated

Key Information:

Vendor: WordPress
Status: Wappointment
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68575?

The Wappointment plugin for WordPress suffers from a Missing Authorization vulnerability that allows unauthorized users to exploit incorrectly configured access control security levels. This flaw affects versions of Wappointment up to 2.7.2, potentially allowing attackers to gain unauthorized access to sensitive areas of the website or application, thereby compromising user safety and data integrity. Proper configuration and timely updates are essential to mitigate these risks.

Affected Version(s)

Wappointment <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wapp...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 19, 2025

Credit

daroo | Patchstack Bug Bounty Program

JSON