CVE-2025-60128

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-09-26

Last updated on: 2026-04-23

Assigner: Patchstack

Description

Missing Authorization vulnerability in WP Delicious Delisho dr-widgets-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Delisho: from n/a through <= 1.1.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-09-26

Last Modified

2026-04-23

Generated

2026-05-07

AI Q&A

2025-09-26

EPSS Evaluated

2026-05-05

NVD

CVE-2025-60128

EUVD

EUVD-2025-31272

Affected Vendors & Products

Vendor	Product	Version / Range
patchstack	delisho	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-862	The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a Missing Authorization issue in the WP Delicious Delisho plugin, which allows attackers to exploit incorrectly configured access control security levels. Essentially, the plugin does not properly check if a user has the right permissions before allowing certain actions, potentially enabling unauthorized actions.

How can this vulnerability impact me? :

The impact of this vulnerability is limited to integrity loss, meaning an attacker with some privileges could perform unauthorized actions that could alter data or settings. The CVSS score indicates a low to medium severity with no impact on confidentiality or availability.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-60128

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart