CVE-2025-60130: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in WEDOS Global WordPress plugin affecting versions through 1.2.2. The vulnerability was identified on September 26, 2025, and was assigned CVE-2025-60130. The issue allows accessing functionality not properly constrained by Access Control Lists (ACLs) (NVD, Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 5.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, no privileges required, and no user interaction needed (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. The impact is considered low severity but could potentially lead to unauthorized access to protected functionality (Patchstack).

No official fix is currently available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the plugin is considered abandoned and unlikely to receive further updates or security fixes (Patchstack).