CVE-2025-47527: 
WordPress vulnerability analysis and mitigation

CVE-2025-47527 is a Missing Authorization vulnerability affecting the Icegram Collect – Easy Form, Lead Collection and Subscription WordPress plugin through version 1.3.18. The vulnerability was discovered by researcher ch4r0n on April 21, 2025, and was publicly disclosed on June 4, 2025. This security issue is classified as a Broken Access Control vulnerability (CWE-862) (Wiz Database, Patchstack Database).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H. This indicates that the vulnerability can be exploited over the network with low attack complexity, requires low privileges, and no user interaction (NVD, Wiz Database).

The vulnerability allows exploitation of incorrectly configured access control security levels, potentially enabling unprivileged users to execute higher privileged actions. The impact assessment indicates no confidentiality impact, low integrity impact, and high availability impact (Patchstack Database).

The vulnerability has been patched in version 1.3.19 of the plugin. Users are strongly advised to update to version 1.3.19 or later immediately. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack Database).