CVE-2025-69187
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-01-27

Assigner: Patchstack

Description
Missing Authorization vulnerability in e-plugins Final User final-user allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Final User: from n/a through <= 1.2.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-22
Last Modified
2026-01-27
Generated
2026-06-16
AI Q&A
2026-01-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69187
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack final_user to 1.2.5 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-69187 is a Broken Access Control vulnerability in the WordPress Final User Plugin (versions up to 1.2.5). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, allowing unauthenticated users to perform actions that should be restricted to higher-privileged users. This means attackers can exploit the plugin to bypass security controls without logging in. [1]

Impact Analysis

This vulnerability can have a significant impact by allowing unauthorized users to perform privileged actions on your WordPress site, potentially leading to data breaches, unauthorized changes, or other malicious activities. Since no authentication is required, the risk of exploitation is high, and it can compromise the security and integrity of your website. [1]

Detection Guidance

The provided resources do not include specific commands or methods to detect this vulnerability on your network or system.

Mitigation Strategies

Since no official patch or fixed version is available, you should immediately apply the mitigation rule released by Patchstack to block attacks exploiting this vulnerability. Additionally, consider using Patchstack's automated vulnerability mitigation services to protect your WordPress site until an official fix is released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69187. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart