CVE-2025-9029: 
WordPress vulnerability analysis and mitigation

The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress contains a missing authorization vulnerability identified as CVE-2025-9029. The vulnerability was discovered in versions less than or equal to 1.2.16, with the disclosure date being October 3, 2025. The issue specifically affects the wdkithandlereview_submission function, where the plugin fails to properly verify user authorization for certain actions (NVD CVE).

The vulnerability is classified as CWE-862 (Missing Authorization) and has received a CVSS v3.1 Base Score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The technical issue stems from improper authorization verification in the wdkithandlereview_submission function, which is responsible for handling review submissions (Wordfence).

The vulnerability allows unauthenticated attackers to submit feedback data to external services. While the impact is relatively limited with only low integrity impact and no confidentiality or availability impacts, it still represents a security concern for affected WordPress installations (NVD CVE).

Users should upgrade to version 1.2.17 or later of the WDesignKit plugin to address this vulnerability. The fix has been implemented in the updated version as evidenced by the code changes (WordPress Plugin).