CVE-2025-32296: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in quantumcloud Simple Link Directory Pro plugin affecting versions through 14.7.3. The vulnerability was disclosed on May 16, 2025, and has been assigned identifier CVE-2025-32296. The issue allows exploiting incorrectly configured access control security levels in the WordPress plugin (NVD, Patchstack).

The vulnerability has been classified as CWE-862 (Missing Authorization) and received a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges or user interaction, and has a limited impact on integrity with no impact on confidentiality or availability (NVD, Patchstack).

The vulnerability could allow unauthenticated users to perform actions that should require proper authorization, potentially leading to unauthorized modifications in the system (Patchstack).

Currently, no official fix is available for this vulnerability. The issue affects versions through 14.7.3 of the Simple Link Directory Pro plugin (Patchstack).