CVE-2025-39388: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability in Solid Plugins AnalyticsWP allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability affects AnalyticsWP versions through 2.0.0. The vulnerability was discovered by Trương Hữu Phúc and was assigned CVE-2025-39388 on April 16, 2025 (CVE Details, Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS v3 Base Score of 5.3 (Medium). The attack vector is Network-based with low attack complexity, requiring no privileges or user interaction. The vulnerability has an Impact Score of 1.4 and an Exploitability Score of 3.9. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (AttackerKB).

The vulnerability affects the integrity of the system with a low impact, while confidentiality and availability remain unaffected. It allows unauthenticated access to functionality that should be restricted by Access Control Lists (ACLs) (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The security issue has been classified as having a low severity impact and is considered unlikely to be exploited (Patchstack).