CVE-2025-69183
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description
Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69183
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack hospital_doctor_directory From 1.0.0 (inc) to 1.3.9 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69183 is a high-priority privilege escalation vulnerability in the WordPress Hospital Doctor Directory Plugin (versions up to 1.3.9). It allows a user with low-level privileges, such as a Subscriber or Developer, to escalate their access rights to higher privileges, potentially gaining full control over the affected WordPress website. This vulnerability is classified under OWASP Top 10 A4: Insecure Design and has a CVSS severity score of 8.8. [1]

Impact Analysis

This vulnerability can allow an attacker with low-level access to escalate their privileges and gain full control over the affected WordPress website. This could lead to unauthorized access, modification, or deletion of data, disruption of website services, and potential compromise of sensitive information hosted on the site. [1]

Detection Guidance

The vulnerability affects WordPress sites using the Hospital Doctor Directory plugin version 1.3.9 or earlier. Detection involves verifying the plugin version installed on your WordPress site. Since no specific detection commands are provided, you can check the plugin version via the WordPress admin dashboard or by running commands such as 'wp plugin list' using WP-CLI to identify the plugin version. Monitoring for exploitation attempts can be enhanced by applying the Patchstack mitigation rule mentioned. [1]

Mitigation Strategies

Immediate mitigation involves applying the Patchstack mitigation rule provided by Patchstack to block exploitation attempts until an official patch is released. Since no official fix or patched version is currently available, implementing this mitigation is the recommended step to protect affected sites. [1]

Compliance Impact

The provided resources do not specify how this privilege escalation vulnerability in the Hospital Doctor Directory plugin affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69183. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart