Medium severity5.3NVD Advisory· Published Dec 31, 2025· Updated Apr 23, 2026

CVE-2025-62755

Description

Missing Authorization vulnerability in GS Plugins GS Portfolio for Envato gs-envato-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Portfolio for Envato: from n/a through <= 1.4.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization in GS Portfolio for Envato ≤1.4.2 allows unauthenticated users to perform privileged actions, leading to mass exploitation.

The GS Portfolio for Envato plugin for WordPress (gs-envato-portfolio) versions up to and including 1.4.2 suffer from a missing authorization vulnerability. The plugin fails to properly verify access control checks in certain functions, allowing users to bypass intended security levels [1]. This broken access control issue stems from missing nonce or capability checks in the plugin’s code.

References

Broken Access Control in WordPress GS Portfolio for Envato Plugin

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Gs Envato Portfoliollm-fuzzy
Range: <= 1.4.2
Package: https://wordpress.org/plugins/gs-envato-portfolio

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/gs-envato-portfolio/vulnerability/wordpress-gs-portfolio-for-envato-plugin-1-4-2-broken-access-control-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000