CVE-2025-47457
Description
Missing Authorization vulnerability in dgamoni LocateAndFilter locateandfilter allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LocateAndFilter: from n/a through <= 1.6.16.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
LocateAndFilter WordPress plugin <=1.6.16 missing authorization allows unprivileged users to access restricted functionality.
Vulnerability
Details
The LocateAndFilter WordPress plugin versions 1.6.16 and earlier contain a missing authorization vulnerability. This broken access control issue allows functionality that is not properly constrained by Access Control Lists (ACLs) to be accessed by unprivileged users [1].
Exploitation
An attacker with no or low privileges can exploit this flaw to perform actions that should require higher permissions. No authentication is needed beyond unprivileged access, so any user can reach the restricted functionality [1].
Impact
According to the advisory, the vulnerability is low severity and unlikely to be exploited in mass campaigns. However, it could lead to unauthorized operations within the plugin's scope [1].
Mitigation
Users should update to version 1.6.17 or later, which fixes the issue. Patchstack users can enable auto-updates for vulnerable plugins [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <=1.6.16
- Range: <=1.6.16
Patches (0)
No patches discovered yet.
References (1)
News mentions (0)
No linked articles in our index yet.