CVE-2025-58678
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pickplugins | accordion | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the PickPlugins Accordion plugin, which allows attackers to exploit incorrectly configured access control security levels. Essentially, it means that the plugin does not properly check if a user has the right permissions before allowing certain actions, potentially enabling unauthorized access or actions.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive information or functionality within the affected Accordion plugin. Since the CVSS score indicates a high impact on confidentiality, it could result in exposure of sensitive data, although it does not affect integrity or availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could negatively impact compliance with standards and regulations such as GDPR or HIPAA because it may lead to unauthorized disclosure of sensitive or personal data, violating requirements for data protection and access control.