{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22721", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-01-07T21:03:44.259Z", "datePublished": "2025-01-21T17:21:51.532Z", "dateUpdated": "2025-01-21T18:42:34.192Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-21T17:21:51.532Z"}, "title": "WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Farhan Noor", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "apply-online", "product": "ApplyOnline \u2013 Application Form Builder and Manager", "versions": [{"lessThanOrEqual": "2.6.7.1", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "2.6.7.2", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline \u2013 Application Form Builder and Manager: from n/a through 2.6.7.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects ApplyOnline \u2013 Application Form Builder and Manager: from n/a through 2.6.7.1.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/apply-online/vulnerability/wordpress-applyonline-plugin-2-6-7-1-broken-access-control-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress ApplyOnline \u2013 Application Form Builder and Manager wordpress plugin to the latest available version (at least 2.6.7.2)."}], "value": "Update the WordPress ApplyOnline \u2013 Application Form Builder and Manager wordpress plugin to the latest available version (at least 2.6.7.2)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-21T18:35:46.381278Z", "id": "CVE-2025-22721", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T18:42:34.192Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22721", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-21T18:35:46.381278Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-21T18:35:48.274Z"}}], "cna": {"title": "WordPress ApplyOnline plugin <= 2.6.7.1 - Broken Access Control vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Farhan Noor", "product": "ApplyOnline \u2013 Application Form Builder and Manager", "versions": [{"status": "affected", "changes": [{"at": "2.6.7.2", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "2.6.7.1"}], "packageName": "apply-online", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress ApplyOnline \u2013 Application Form Builder and Manager wordpress plugin to the latest available version (at least 2.6.7.2).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress ApplyOnline \u2013 Application Form Builder and Manager wordpress plugin to the latest available version (at least 2.6.7.2).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/apply-online/vulnerability/wordpress-applyonline-plugin-2-6-7-1-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline \u2013 Application Form Builder and Manager: from n/a through 2.6.7.1.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects ApplyOnline \u2013 Application Form Builder and Manager: from n/a through 2.6.7.1.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-01-21T17:21:51.532Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22721", "state": "PUBLISHED", "dateUpdated": "2025-01-21T18:42:34.192Z", "dateReserved": "2025-01-07T21:03:44.259Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-01-21T17:21:51.532Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Farhan Noor ApplyOnline \u2013 Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ApplyOnline \u2013 Application Form Builder and Manager: from n/a through 2.6.7.1."}], "id": "CVE-2025-22721", "lastModified": "2025-01-21T18:15:15.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-01-21T18:15:15.880", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/apply-online/vulnerability/wordpress-applyonline-plugin-2-6-7-1-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}