CVE-2025-32684

An authenticated attacker with low privileges can exploit missing authorization checks [CWE-862] to access resources or perform actions that should require higher-level permissions. The attack is network-based (CVSS AV:N) with low complexity and no special authentication requirements beyond a basic user account. The impact is limited to low confidentiality exposure due to the incorrectly configured access control security levels.

The advisory does not specify exact file paths or functions. The vulnerability is in the MapSVG plugin for WordPress (mapsvg-lite-interactive-vector-maps) versions through 8.6.4.

The advisory does not include a published patch. The plugin's changelog [ref_id=1] shows security fixes in subsequent versions (e.g., 8.6.5 'Fixed XSS vulnerability', 8.6.10 'Fixed security vulnerabilities related to unauthorized shortcode rendering in templates', 8.6.12 'Fixed a few vulnerabilities'), but none explicitly reference CVE-2025-32684. Users should update to the latest available version (8.13.2) which likely contains the necessary authorization checks.