VYPR
Medium severity 5.4 · NVD Advisory · Published Jul 16, 2025 · Updated Apr 23, 2026

CVE-2025-48167

Description

Missing Authorization vulnerability in alexvtn Chatbox Manager wa-chatbox-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Chatbox Manager: from n/a through <= 1.2.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in Chatbox Manager plugin (<=1.2.5) allows unprivileged users to exploit incorrectly configured access controls.

The Chatbox Manager plugin (wa-chatbox-manager) for WordPress versions up to and including 1.2.5 suffers from a broken access control vulnerability. The root cause is missing authorization checks, meaning the plugin does not properly verify that a user has the necessary privileges before allowing certain actions [1].

Exploitation is possible without authentication or with low-level privileges, making it easy for attackers to trigger higher-privileged operations. The attack surface is broad, as the plugin is widely used, and such flaws are often targeted in mass-exploit campaigns against thousands of sites regardless of their popularity [1].

An attacker exploiting this vulnerability could gain unauthorized access to administrative functions or sensitive data, potentially leading to defacement, data theft, or further compromise of the WordPress site. The severity is rated medium (CVSS 5.4) [1].

Mitigation is straightforward: update to version 1.2.6 or later, which includes a fix for the missing authorization. Patchstack users can enable auto-updates. No workaround details are provided beyond updating [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

Patches

0

No patches discovered yet.

References

1
