CVE-2025-48247: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability (CVE-2025-48247) was discovered in Blair Williams Shortlinks by Pretty Links plugin affecting versions through 3.6.15. The vulnerability was disclosed on May 19, 2025, and involves incorrectly configured access control security levels (Patchstack, NVD).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The attack vector is Network-based (AV:N) with Low attack complexity (AC:L), requiring Low privileges (PR:L) and No user interaction (UI:N). The scope is Unchanged (S:U) with No impact on confidentiality (C:N), Low impact on integrity (I:L), and No impact on availability (A:N) (Patchstack).

The vulnerability allows an authenticated user with subscriber-level privileges to perform certain actions that should be restricted to users with higher privilege levels. The impact is primarily focused on integrity with no direct effect on confidentiality or availability of the system (Patchstack).

Users are advised to update to version 3.6.16 or later to address this vulnerability. The security issue has been classified as having a low severity impact and is unlikely to be exploited (Patchstack).