CVE-2025-24725: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in ThimPress Thim Elementor Kit WordPress plugin versions 1.2.8 and below. The vulnerability was discovered by researcher Prissy and was publicly disclosed on January 24, 2025, with the identifier CVE-2025-24725. The issue was assigned a CVSS score of 4.3 (Medium) (Patchstack).

The vulnerability is classified as a Broken Access Control issue, which stems from missing authorization, authentication, or nonce token checks in certain functions. This security flaw could potentially allow unprivileged users to execute actions typically reserved for users with higher privileges. The vulnerability has been assigned a CVSS score of 4.3, indicating a medium severity level with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (Patchstack).

The vulnerability has been assessed to have a low severity impact and is considered unlikely to be exploited. The security issue primarily affects the access control mechanisms of the plugin, potentially allowing unauthorized actions to be performed (Patchstack).

The vulnerability has been fixed in version 1.2.9 of the Thim Elementor Kit plugin. Users are advised to update to version 1.2.9 or later to remediate the vulnerability. For Patchstack users, enabling auto-update for vulnerable plugins is recommended as an additional security measure (Patchstack).