CVE-2025-31545

Vulnerability

Overview CVE-2025-31545 is a missing authorization vulnerability in the WordPress plugin Safe Ai Malware Protection for WP, affecting versions up to and including 1.0.20. The issue arises from broken access control, where the plugin fails to properly check user permissions or nonce tokens in certain functions, allowing unauthorized actions [1].

Exploitation

Conditions To exploit this vulnerability, an attacker does not need any special privileges; they can simply send crafted requests to the vulnerable endpoints. The plugin's incorrect configuration of access control security levels enables unauthenticated or low-privilege users to perform actions that should require higher privileges [1].

Impact

Successful exploitation could allow an attacker to bypass security restrictions, potentially leading to unauthorized modifications or disclosure of sensitive information. Given the plugin's focus on malware protection, a breach could undermine the site's security posture [1].

Mitigation

The vendor has not released a patched version beyond 1.0.20, but users are strongly advised to update the plugin immediately. If an update is unavailable, consider removing or replacing the plugin, as this vulnerability may be targeted in mass-exploit campaigns [1].