CVE-2023-25791
Description
Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Fontiran: from n/a through 2.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated users can exploit missing authorization checks in the Fontiran WordPress plugin (≤2.1) to access restricted functionality, posing a risk of mass exploitation.
Vulnerability Overview
The Fontiran WordPress plugin, versions up to and including 2.1, suffers from a missing authorization vulnerability. The software fails to properly verify access control security levels, allowing unauthorized access to restricted features. This is a classic broken access control issue where the plugin does not enforce adequate authentication or permission checks before executing privileged actions [1].
Exploitation Conditions
Attackers can leverage this flaw remotely without needing prior authentication. The vulnerability is considered moderately dangerous and is expected to be exploited in mass campaigns targeting thousands of websites simultaneously. No special network position or complex prerequisites are required, making it accessible to a wide range of threat actors [1].
Impact and Mitigation
Successful exploitation enables an unprivileged attacker to perform actions that should be reserved for higher-privileged users, potentially compromising website integrity or confidentiality. The immediate recommended action is to update the plugin to a patched version beyond 2.1. If an update is unavailable, users should contact their hosting provider or web developer for assistance [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0