CVE-2025-46232: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability was discovered in Download Alt Text AI WordPress plugin affecting versions through 1.9.93. The vulnerability allows exploiting incorrectly configured access control security levels (NVD, Patchstack).

The vulnerability is classified as a broken access control issue (CWE-862) where there is a missing authorization, authentication, or nonce token check in a function that could allow an unprivileged user to execute certain higher privileged actions. The vulnerability has received varying CVSS scores: NIST assigned a CVSS v3.1 Base Score of 8.8 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, while Patchstack rated it at 4.3 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (NVD, Patchstack).

The vulnerability could potentially allow an unprivileged user to execute higher privileged actions within the WordPress plugin. The exact impact varies depending on the implementation, with NIST assessment suggesting potential high impacts on confidentiality, integrity, and availability, while Patchstack indicates a lower severity with only limited impact on integrity (Patchstack).

Users are advised to update to version 1.9.94 or later to remove the vulnerability. The security issue has been assessed as having a low severity impact and is unlikely to be exploited (Patchstack).