CVE-2025-54712: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability was discovered in hashthemes Easy Elementor Addons plugin affecting versions through 2.2.7. The vulnerability was disclosed on August 14, 2025, and was assigned CVE-2025-54712. This security issue allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and no user interaction. The impact is limited to integrity with no effect on confidentiality or availability. The vulnerability is classified as CWE-862 (Missing Authorization) (AttackerKB).

The vulnerability represents a broken access control issue where an unprivileged user could potentially execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. The impact is considered low severity with only integrity being affected (Patchstack).

The vulnerability has been fixed in version 2.2.8 of the Easy Elementor Addons plugin. Users are advised to update to version 2.2.8 or later to remove the vulnerability. The security issue has a low severity impact and is unlikely to be exploited (Patchstack).