CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23958 – WordPress Editor Wysiwyg Background Color plugin <= 1.0 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-23958
16 Apr 2025 — Missing Authorization vulnerability in FADI MED Editor Wysiwyg Background Color allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Editor Wysiwyg Background Color: from n/a through 1.0. The Editor Wysiwyg Background Color plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/editor-wysiwyg-background-color/vulnerability/wordpress-editor-wysiwyg-background-color-plugin-1-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •