CVE-2025-22560: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-22560) was discovered in Saoshyant Page Builder WordPress plugin affecting versions through 3.8. The vulnerability was initially reported on December 17, 2024, and publicly disclosed on January 7, 2025. This security issue involves broken access control that could potentially allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 5.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The issue is classified under CWE-862 (Missing Authorization) and represents a broken access control vulnerability that stems from missing authorization, authentication, or nonce token checks in certain functions (NVD, Patchstack).

The vulnerability has been assessed as having a low severity impact and is considered unlikely to be exploited. While it allows for potential privilege escalation through broken access control, the specific impact is limited to integrity-related concerns with no direct effect on confidentiality or availability (Patchstack).

As of January 14, 2025, no official fix has been released for this vulnerability. The issue affects all versions through 3.8 of the Saoshyant Page Builder plugin. Given the low severity impact, virtual patching has been deemed unnecessary (Patchstack).