CVE-2025-62152
Description
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ConveyThis: from n/a through <= 269.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in ConveyThis WordPress plugin allows unprivileged users to perform higher privileged actions, fixed in 269.3.
The ConveyThis plugin for WordPress versions 269.2 and earlier contains a missing authorization vulnerability. The plugin fails to properly check access rights, allowing exploitation of incorrectly configured access control security levels [1]. This issue is classified as a broken access control vulnerability, which can be exploited to execute higher-privileged actions.
Attackers can exploit this vulnerability over the network without authentication or with low privileges. The attack complexity is low, and no user interaction is required. This makes it possible for unauthenticated attackers to perform actions that should require administrative permissions [1].
The impact includes potential unauthorized modification of plugin settings or access to protected data. Although rated as medium severity (CVSS 5.3), such vulnerabilities are often used in mass-exploit campaigns targeting thousands of websites [1].
The vulnerability has been addressed in version 269.3 of the plugin, and users are strongly advised to update to this version or later as an immediate mitigation. Patchstack users can enable auto-updates for vulnerable plugins [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=269.2
Patches
No patches discovered yet.
References
News mentions
No linked articles in our index yet.