{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32243", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-04T10:02:07.011Z", "datePublished": "2025-04-10T08:09:47.134Z", "dateUpdated": "2025-04-10T15:52:28.758Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-10T08:09:47.134Z"}, "title": "WordPress Internal Link Optimiser plugin <= 5.1.2 - Settings Change vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "affected": [{"vendor": "Toast Plugins", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "internal-link-finder", "product": "Internal Link Optimiser", "versions": [{"lessThanOrEqual": "5.1.2", "status": "affected", "version": "n/a", "versionType": "custom", "changes": [{"at": "5.1.3", "status": "unaffected"}]}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects Internal Link Optimiser: from n/a through 5.1.2.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/internal-link-finder/vulnerability/wordpress-internal-link-optimiser-plugin-5-1-2-settings-change-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "baseSeverity": "MEDIUM", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "version": "3.1"}}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update the WordPress Internal Link Optimiser wordpress plugin to the latest available version (at least 5.1.3)."}], "value": "Update the WordPress Internal Link Optimiser wordpress plugin to the latest available version (at least 5.1.3)."}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-10T15:51:19.372647Z", "id": "CVE-2025-32243", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T15:52:28.758Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Toast Plugins Internal Link Optimiser allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Internal Link Optimiser: from n/a through 5.1.2."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Toast Plugins Internal Link Optimiser permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al Optimizador de Enlaces Internos desde la versi\u00f3n n/d hasta la 5.1.2."}], "id": "CVE-2025-32243", "lastModified": "2025-04-11T15:39:52.920", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-04-10T08:15:20.237", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/wordpress/plugin/internal-link-finder/vulnerability/wordpress-internal-link-optimiser-plugin-5-1-2-settings-change-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}