CVE-2025-54045
Description
Missing Authorization vulnerability in CreativeMindsSolutions CM On Demand Search And Replace (cm-on-demand-search-and-replace) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CM On Demand Search And Replace: from n/a through <= 1.5.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing Authorization in CM On Demand Search And Replace plugin <=1.5.5 allows unauthenticated exploitation of access control.
The CM On Demand Search And Replace plugin for WordPress versions up to 1.5.5 suffers from a missing authorization vulnerability. This means the plugin fails to properly verify user permissions before allowing access to certain functions, leading to broken access control [1].
Attackers can exploit this flaw by sending specially crafted HTTP requests without any prior authentication. The vulnerability is likely present in AJAX handlers or admin actions that lack capability checks, making it easy to launch mass-exploit campaigns against thousands of sites [1].
Successful exploitation enables an unprivileged attacker to perform actions normally reserved for higher-privileged users, such as modifying search and replace operations. The CVSS score of 4.3 reflects a moderate severity, but the ease of exploitation increases the risk [1].
Users are strongly advised to update the plugin to version 1.5.6 or later as soon as possible. If updating is not feasible, contact your hosting provider or a web developer for assistance [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=1.5.5
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.