CVE-2025-66076
Deferred - Pending Action

Unauthenticated Broken Access Control in Woostify Sites Library

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: Patchstack

Description

Unauthenticated Broken Access Control in Woostify Sites Library <= 1.6.2 versions.

Meta Information

Published: 2026-07-02
Last Modified: 2026-07-02
Generated: 2026-07-02
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE
Vendor: woostify
Product: woostify_sites_library
Version / Range: up to 1.6.2 (inclusive)

Exploitability

CWE
CWE ID: CWE-862
Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Executive Summary

The vulnerability in the WordPress Woostify Sites Library Plugin (versions 1.6.2 and below) is a Broken Access Control issue. It allows unauthenticated users to perform actions that normally require higher privileges because the plugin lacks proper authorization, authentication, or nonce token checks.

This means attackers can bypass security controls and execute privileged operations without logging in or having the necessary permissions.

Impact Analysis

This vulnerability can be exploited by attackers to perform unauthorized actions on affected websites, potentially compromising the integrity of the site.

Since it allows unauthenticated users to execute higher-privileged actions, attackers could manipulate site content, configurations, or other sensitive operations.

The vulnerability is considered low severity with a CVSS score of 5.3, but it can be targeted in mass-exploit campaigns affecting thousands of websites.

Immediate action, such as updating the plugin or consulting a web developer or hosting provider, is recommended to mitigate potential impacts.

Mitigation Strategies

The vulnerability affects Woostify Sites Library Plugin versions 1.6.2 and below and allows unauthenticated users to perform higher-privileged actions due to broken access control.

Immediate actions recommended include updating the plugin if an update becomes available or seeking assistance from your hosting provider or a web developer to implement mitigations.

Since there is no official patch available at this time, monitoring and restricting access to the vulnerable plugin or disabling it temporarily may help reduce risk.
