{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-47534", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-05-07T09:39:46.952Z", "datePublished": "2025-05-16T15:45:21.730Z", "dateUpdated": "2025-05-16T16:49:33.088Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-05-16T15:45:21.730Z"}, "title": "WordPress Wordpress Auto Spinner <= 3.25.0 - Broken Access Control Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "ValvePress", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected", "packageName": "wp-auto-spinner", "product": "Wordpress Auto Spinner", "versions": [{"lessThanOrEqual": "3.25.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-3-25-0-broken-access-control-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "version": "3.1"}}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Anhchangmutrang (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-16T16:41:57.816292Z", "id": "CVE-2025-47534", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T16:49:33.088Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-47534", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-16T16:41:57.816292Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-16T16:42:00.236Z"}}], "cna": {"title": "WordPress Wordpress Auto Spinner <= 3.25.0 - Broken Access Control Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Anhchangmutrang (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ValvePress", "product": "Wordpress Auto Spinner", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.25.0"}], "packageName": "wp-auto-spinner", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-3-25-0-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects Wordpress Auto Spinner: from n/a through 3.25.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-05-16T15:45:21.730Z"}}}, "cveMetadata": {"cveId": "CVE-2025-47534", "state": "PUBLISHED", "dateUpdated": "2025-05-16T16:49:33.088Z", "dateReserved": "2025-05-07T09:39:46.952Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-05-16T15:45:21.730Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in ValvePress Wordpress Auto Spinner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wordpress Auto Spinner: from n/a through 3.25.0."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en ValvePress Wordpress Auto Spinner permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Auto Spinner de WordPress desde la versi\u00f3n n/d hasta la 3.25.0."}], "id": "CVE-2025-47534", "lastModified": "2025-05-19T13:35:50.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-05-16T16:15:41.847", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/wp-auto-spinner/vulnerability/wordpress-wordpress-auto-spinner-3-25-0-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}