CVE-2025-22260: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in Pixelite Meta Tag Manager affecting versions through 3.1. The vulnerability was identified and disclosed on January 31, 2025, and was assigned CVE-2025-22260. The issue affects the Meta Tag Manager WordPress plugin and represents a broken access control vulnerability (Patchstack).

The vulnerability has been classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating that it requires low privilege level for exploitation and can potentially lead to information disclosure (NVD).

The vulnerability allows an unprivileged user to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks in specific functions. The impact is considered low severity but could potentially lead to unauthorized access to privileged functionality (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. Given the low severity impact, virtual patching has been deemed unnecessary (Patchstack).