{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-23906", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-16T11:32:03.805Z", "datePublished": "2025-04-17T15:48:26.860Z", "dateUpdated": "2026-04-23T14:02:08.798Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wordpress-dashboard-twitter", "product": "WordPress Dashboard Tweeter", "vendor": "wpseek", "versions": [{"lessThanOrEqual": "1.3.2", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mika | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-22T14:29:36.856Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter wordpress-dashboard-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WordPress Dashboard Tweeter: from n/a through <= 1.3.2.</p>"}], "value": "Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter wordpress-dashboard-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Dashboard Tweeter: from n/a through <= 1.3.2."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-23T14:02:08.798Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wordpress-dashboard-twitter/vulnerability/wordpress-wordpress-dashboard-tweeter-plugin-1-3-2-settings-change-vulnerability?_s_id=cve"}], "title": "WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T17:41:52.765217Z", "id": "CVE-2025-23906", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T18:15:25.691Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-23906", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T17:41:52.765217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T17:41:54.414Z"}}], "cna": {"title": "WordPress WordPress Dashboard Tweeter plugin <= 1.3.2 - Settings Change vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "wpseek", "product": "WordPress Dashboard Tweeter", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "1.3.2"}], "packageName": "wordpress-dashboard-twitter", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wordpress-dashboard-twitter/vulnerability/wordpress-wordpress-dashboard-tweeter-plugin-1-3-2-settings-change-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects WordPress Dashboard Tweeter: from n/a through 1.3.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-17T15:48:26.860Z"}}}, "cveMetadata": {"cveId": "CVE-2025-23906", "state": "PUBLISHED", "dateUpdated": "2025-04-17T18:15:25.691Z", "dateReserved": "2025-01-16T11:32:03.805Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-04-17T15:48:26.860Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in wpseek WordPress Dashboard Tweeter wordpress-dashboard-twitter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Dashboard Tweeter: from n/a through <= 1.3.2."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en wpseek WordPress Dashboard Tweeter permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Tweeter del panel de WordPress desde la versi\u00f3n n/d hasta la 1.3.2."}], "id": "CVE-2025-23906", "lastModified": "2026-04-23T15:24:45.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-17T16:15:31.040", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wordpress-dashboard-twitter/vulnerability/wordpress-wordpress-dashboard-tweeter-plugin-1-3-2-settings-change-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}