CVE-2025-58978
Description
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress pdf-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDF Generator for WordPress: from n/a through <= 1.5.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization vulnerability in WP Swings PDF Generator for WordPress allows unauthenticated attackers to exploit incorrectly configured access controls, affecting versions <= 1.5.4.
Vulnerability
Overview The PDF Generator for WordPress plugin by WP Swings suffers from a missing authorization vulnerability. Certain functions lack proper permission checks, leading to broken access control. This allows unauthenticated attackers to access functionality that should require higher privileges, such as generating PDFs or accessing sensitive data. [1]
Exploitation
Details Exploitation requires no authentication and can be performed remotely over a network. The attack complexity is low, making it easy for attackers to exploit. The vulnerability affects all versions from n/a through 1.5.4. [1]
Impact
Successfully exploiting this vulnerability could allow an attacker to perform unauthorized actions, potentially leading to information disclosure or other misuse. The CVSS score of 5.3 (Medium) reflects the moderate severity of this access control issue. [1]
Mitigation
The vendor has released version 1.5.5 which patches the vulnerability. Users are strongly advised to update to this version or later. Patchstack users can enable auto-update for vulnerable plugins. [1]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.5.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.