CVE-2025-22668: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-22668) was discovered in AwesomeTOGI Awesome Event Booking plugin versions through 2.7.2. The vulnerability was identified on January 7, 2025, and publicly disclosed by Patchstack OÜ. This security issue affects the WordPress plugin's access control security levels, potentially allowing unauthorized access to restricted functionalities (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 6.5 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, indicating that it can be exploited over the network, requires low attack complexity, and needs no privileges or user interaction (NVD).

The vulnerability allows potential exploitation of incorrectly configured access control security levels, which could lead to unauthorized users executing higher privileged actions. The CVSS scoring indicates potential impacts on both integrity and availability, though confidentiality is not directly affected (Patchstack).

The vulnerability has been fixed in version 2.7.5 of the Awesome Event Booking plugin. Users are advised to update to version 2.7.5 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins as an additional security measure (Patchstack).