CVE-2025-68072
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-04-01

Assigner: Patchstack

Description
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.20.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-04-01
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68072
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
merv_barrett easy_property_listings to 3.5.17 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-68072 is a Broken Access Control vulnerability in the WordPress Easy Property Listings Plugin (versions up to 3.5.17). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows unauthenticated users to perform actions that should require higher privileges. [1]

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions on your WordPress site using the Easy Property Listings Plugin, potentially leading to unauthorized data access or modification. It poses a moderate risk with a CVSS score of 6.5. Without mitigation, your site could be exploited, compromising its security and integrity. [1]

Detection Guidance

Detection involves monitoring for unauthorized access attempts to Easy Property Listings plugin functions that require higher privileges but are accessible without proper authorization. Since the vulnerability allows unauthenticated users to perform privileged actions, you can check your web server logs for suspicious requests targeting Easy Property Listings endpoints or parameters. Specific commands depend on your environment, but for example, you can use grep to search your access logs for suspicious requests: grep -i 'easy-property-listings' /var/log/apache2/access.log or grep -i 'easy-property-listings' /var/log/nginx/access.log. Additionally, monitoring for unusual POST requests or parameters related to the plugin may help detect exploitation attempts. Employing a Web Application Firewall (WAF) with rules blocking known exploit patterns, such as the Patchstack mitigation rule, can also aid detection and prevention. [1]

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule that blocks attacks exploiting this vulnerability, as no official patch is available yet. This rule provides immediate protection by preventing unauthorized access attempts targeting the Easy Property Listings plugin. Additionally, users should implement continuous security monitoring and consider restricting access to the plugin's administrative functions via IP whitelisting or other access control measures until an official fix is released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68072. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart