CVE-2025-57990: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the Blog Designer WordPress plugin affecting versions through 3.1.8. The vulnerability was identified on September 22, 2025, and assigned identifier CVE-2025-57990. The issue allows exploiting incorrectly configured access control security levels (Patchstack).

The vulnerability is classified as a Broken Access Control issue with a CVSS v3.1 score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability stems from missing authorization checks that could allow unprivileged users to execute certain higher privileged actions. The issue has been categorized under CWE-862 (Missing Authorization) (Patchstack).

The vulnerability has a low severity impact, allowing potential unauthorized access to privileged functions. The software is considered abandoned, as it hasn't received updates for over a year, which increases the security risk for continued usage (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation strategy is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive future updates or security fixes (Patchstack).

The vulnerability was initially reported by security researcher Trương Hữu Phúc on July 25, 2025. Patchstack issued an early warning to their customers on September 22, 2025, before publishing the vulnerability details on September 24, 2025 (Patchstack).