CVE-2025-67967
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67967 is a Broken Access Control vulnerability in the WordPress Lawyer Directory Plugin versions up to 1.3.3. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, allowing users with low privileges (such as subscribers) to perform actions that should be restricted to higher-privileged roles. This means unauthorized users can gain access or control beyond their intended permissions. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access or control within the Lawyer Directory Plugin, allowing low-privileged users to perform privileged actions. This poses a significant security risk as attackers could manipulate or access sensitive data or functionality they should not have access to. The vulnerability has a high CVSS score of 7.6, indicating a high likelihood of exploitation and serious impact if not patched promptly. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for exploitation attempts where subscriber-level users perform actions reserved for higher-privileged roles within the Lawyer Directory Plugin (versions β€1.3.3). Since the vulnerability allows unauthorized access via missing authorization checks, you can audit plugin logs for unusual privilege escalations or unauthorized actions. Additionally, using Patchstack's automatic mitigation rule can help detect and block exploitation attempts. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediately update the WordPress Lawyer Directory Plugin to version 1.3.4 or later, which fixes the access control flaws. Until the update is applied, enable Patchstack's automatic mitigation rule to block exploitation attempts. If using Patchstack, enable auto-updates for vulnerable plugins to ensure rapid protection. [1]