exploitDog

CVE-2025-60116

Опубликовано: 26 сент. 2025

Источник: nvd

CVSS3: 5.4

CVSS3: 8.8

EPSS Низкий

Описание

Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.

Ссылки

https://patchstack.com/database/wordpress/plugin/grandconference-custom-post/vulnerability/wordpress-grand-conference-theme-custom-post-type-plugin-2-6-3-broken-access-control-vulnerability?_s_id=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:themegoods:grand_conference:*:*:*:*:*:wordpress:*:*

Версия до 2.6.4 (исключая)

EPSS

Процентиль: 23%

0.00075

Низкий

5.4 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-862

Связанные уязвимости

GHSA-q4gj-97g2-cwmr

CVSS3: 5.4

github

4 месяца назад

Missing Authorization vulnerability in ThemeGoods Grand Conference Theme Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Grand Conference Theme Custom Post Type: from n/a through 2.6.3.

EPSS

Процентиль: 23%

0.00075

Низкий

5.4 Medium

CVSS3

8.8 High

CVSS3

Дефекты

CWE-862