CVE-2025-59005
Description
Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through <= 1.0.7.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Categorify WordPress plugin ≤1.0.7.5 has a missing authorization vulnerability allowing unprivileged attackers to access higher privileged functions.
Vulnerability
Description
The Categorify WordPress plugin versions up to and including 1.0.7.5 suffer from a missing authorization vulnerability [1]. This broken access control issue means that security checks are not properly implemented, allowing an attacker to exploit incorrectly configured access control security levels.
Exploitation
An attacker can exploit this vulnerability without requiring authentication, potentially executing functions that are intended only for higher privileged users [1]. The lack of nonce or capability checks in certain plugin functions enables this exploitation.
Impact
Successful exploitation can lead to unauthorized actions within the affected WordPress site [1]. Due to the nature of this vulnerability, it is actively used in mass-exploit campaigns targeting thousands of websites [1].
Mitigation
The vulnerability is fixed in versions after 1.0.7.5. It is strongly recommended to update the plugin immediately [1]. If updating is not possible, consult with a hosting provider or web developer for workarounds.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- Range: <=1.0.7.5
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.