Missing Authorization Flaw in WP Adminify by Liton Arefin
CVE-2025-68592

Currently unrated

Key Information:

Vendor: WordPress
Status: WP Adminify
Vendor: CVE Published:; 24 December 2025

What is CVE-2025-68592?

WP Adminify, a plugin developed by Liton Arefin, contains a missing authorization vulnerability that allows attackers to exploit improperly configured access control security levels. This flaw can lead to unauthorized actions being performed within the admin panel, impacting the security and integrity of WordPress sites using versions up to and including 4.0.6.1.

Affected Version(s)

WP Adminify <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/admi...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 24, 2025
Vulnerability Reserved
Dec 19, 2025

Credit

daroo | Patchstack Bug Bounty Program

JSON