CVE-2025-60127
Description
Missing Authorization vulnerability in ArtistScope CopySafe Web Protection wp-copysafe-web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CopySafe Web Protection: from n/a through <= 5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CopySafe Web Protection plugin for WordPress <=5.1 has a missing authorization vulnerability allowing unauthenticated exploitation of incorrectly configured access controls.
The CopySafe Web Protection plugin for WordPress (wp-copysafe-web) is vulnerable to a broken access control issue due to missing authorization checks. Versions up to and including 5.1 do not properly enforce access controls on certain functions, allowing attackers to exploit incorrectly configured security levels [1].
An unauthenticated attacker can exploit this vulnerability to perform privileged actions without proper authentication. The attack does not require any special network position or user interaction, making it suitable for large-scale exploitation campaigns [1].
Successful exploitation could lead to unauthorized modification of plugin settings, disclosure of sensitive information, or other actions normally restricted to higher-privileged users. The vulnerability has a CVSS score of 5.4 (Medium) and is considered low severity by the vendor, but it is actively used in mass-exploit campaigns [1].
The vulnerability is patched in version 5.2 of the plugin. Users are strongly advised to update immediately. If unable to update, contact your hosting provider for assistance. Patchstack users can enable auto-update for vulnerable plugins [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.