Access Control Security Flaw in Cooked by Gora Tech
CVE-2025-68586

Currently unrated

Key Information:

Vendor

WordPress
Status
Cooked
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68586?

A missing authorization vulnerability in Gora Tech's Cooked product allows attackers to exploit incorrectly configured access control security levels. This issue affects the Cooked plugin, enabling unauthorized actions by bypassing proper authorization checks.

Affected Version(s)

Cooked <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/cook...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68586 : Access Control Security Flaw in Cooked by Gora Tech