CVE-2025-39368: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-39368) was discovered in ed4becky Rootspersona WordPress plugin affecting versions through 3.7.5. The vulnerability was disclosed on May 19, 2025, and was identified by researcher domiee13 on April 20, 2025 (Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS v3.1 base score of 5.3 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability stems from a missing authorization check that could allow unprivileged users to execute certain higher privileged actions. The technical assessment indicates that it requires no user interaction and can be exploited remotely through network access (Patchstack).

The vulnerability has a low severity impact on the system's integrity, with no impact on confidentiality or availability. The CVSS impact score is 1.4, while the exploitability score is 3.9, indicating that while the vulnerability is relatively easy to exploit, its potential for damage is limited (AttackerKB).

Currently, there is no official fix available for this vulnerability. The security issue has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).