CVE-2025-47480: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability has been identified in Iqonic Design Graphina plugin versions through 3.0.4. The vulnerability was discovered and disclosed on May 7, 2025, and is tracked as CVE-2025-47480. The issue allows exploiting incorrectly configured access control security levels in the WordPress plugin (NVD, Wiz).

The vulnerability is classified as a broken access control issue, which stems from missing authorization, authentication, or nonce token checks in certain functions. This allows unprivileged users to execute higher privileged actions. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The weakness is categorized under CWE-862 (Missing Authorization) (Patchstack).

The vulnerability has a low severity impact and allows subscriber-level users to perform unauthorized actions within the plugin's functionality. The impact primarily affects the integrity and availability of the plugin's features (Patchstack).

The vulnerability has been fixed in version 3.0.5 of the Graphina plugin. Users are advised to update to version 3.0.5 or later to remediate the security issue. Patchstack users can enable auto-update functionality for vulnerable plugins (Patchstack).