CVE-2025-48139: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in StyleAI WordPress plugin versions through 1.0.4. The vulnerability was discovered by researcher ch4r0n from FPT Software and was publicly disclosed on May 22, 2025. This security issue is tracked as CVE-2025-48139 and affects the access control mechanisms in the StyleAI plugin (Wiz, MITRE).

The vulnerability is classified as a Broken Access Control issue, where functionality is not properly constrained by Access Control Lists (ACLs). It has received a CVSS score of 6.5 (Medium severity), indicating a moderately dangerous security risk. The vulnerability stems from a missing authorization, authentication, or nonce token check in a function that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability allows unprivileged users to access functionality that should be restricted to users with higher privileges. This broken access control issue could potentially lead to unauthorized access to protected features and functionality within the StyleAI plugin (Patchstack).

Currently, no official fix is available for this vulnerability. However, Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the mitigation immediately to protect their installations (Patchstack).