CVE-2025-60152
Description
Missing Authorization vulnerability in wpshuffle Subscribe To Unlock subscribe-to-unlock allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe To Unlock: from n/a through <= 1.1.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Subscribe To Unauthenticated users can exploit missing authorization in Subscribe To Unlock plugin (≤1.1.5) to bypass access controls.
Vulnerability
Overview The Subscribe To Unlock plugin for WordPress, versions up to and including 1.1.5, contains a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, allowing unauthenticated attackers to bypass intended restrictions [1].
Exploitation
Details The vulnerability is classified as a broken access control issue, meaning the plugin fails to properly verify user permissions or nonce tokens in certain functions. Attackers can exploit this without authentication, targeting any site running the vulnerable plugin version [1].
Impact
Successful exploitation enables an attacker to perform actions that should require higher privileges, potentially leading to unauthorized content access or other restricted operations. This vulnerability is actively used in mass-exploit campaigns against thousands of websites [1].
Mitigation
The vendor has not released a patched version; users should immediately update the plugin if a fix becomes available. As a workaround, site administrators can consult their hosting provider or web developer to implement additional access controls or disable the plugin until a patch is applied [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=1.1.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.