CVE-2025-31881: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in Stylemix Pearl, affecting versions through 1.3.9. The vulnerability was discovered by researcher Mika and was publicly disclosed on April 1, 2025. This security issue involves broken access control that could potentially allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability has been assigned CVE-2025-31881 and is classified as a Missing Authorization vulnerability (CWE-862). According to the CVSS 3.1 scoring system, it has received a base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability specifically relates to incorrectly configured access control security levels (NVD).

The vulnerability allows for exploitation of incorrectly configured access control security levels, potentially enabling subscriber-level users to perform actions beyond their intended privileges. The impact has been assessed as having low integrity and availability consequences, with no direct impact on confidentiality according to the CVSS scoring (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue has been classified as low priority, and a virtual patch is deemed unnecessary according to the security assessment (Patchstack).