CVE-2025-47556: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in QuanticaLabs CSS3 Compare Pricing Tables for WordPress plugin, affecting versions through 11.5. The vulnerability was reported on April 19, 2025, by Tran Nguyen Bao Khanh from VCI - VNPT Cyber Immunity and was publicly disclosed on May 16, 2025. This security issue is identified as CVE-2025-47556 and relates to incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 5.4 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L, indicating network accessibility, low attack complexity, and required low privileges. The issue stems from missing authorization, authentication, or nonce token checks in certain functions, potentially allowing unprivileged users to execute higher privileged actions (NVD, Patchstack).

The vulnerability has been assessed as having a low severity impact. It affects the security of WordPress websites using the CSS3 Compare Pricing Tables plugin versions 11.5 and below, potentially allowing subscriber-level users to perform unauthorized actions (Patchstack).

The vulnerability has been fixed in version 11.7 of the CSS3 Compare Pricing Tables for WordPress plugin. Users are advised to update to version 11.7 or later to remove the vulnerability. Patchstack users have the option to enable auto-updates for vulnerable plugins (Patchstack).