CVE-2025-62906
Description
Missing Authorization vulnerability in epiphanyit321 Referral Link Tracker referral-link-tracker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Referral Link Tracker: from n/a through <= 1.1.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Referral Link Tracker plugin for WordPress ≤1.1.4 has a missing authorization vulnerability allowing unprivileged users to exploit incorrectly configured access controls.
The Referral Link Tracker plugin for WordPress, versions up to and including 1.1.4, contains a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, which fail to properly verify user permissions before allowing certain actions [1].
An attacker can exploit this vulnerability without needing elevated privileges, as the plugin does not enforce proper authorization checks. The attack surface is broadened by the fact that such vulnerabilities are often used in mass-exploit campaigns targeting thousands of websites, regardless of their size or popularity [1].
The impact of successful exploitation includes the ability to perform unauthorized actions within the plugin, potentially leading to data exposure or manipulation. The CVSS v3 score of 4.3 (Medium) reflects the limited but real risk of broken access control [1].
As an immediate mitigation, users should update the plugin to a patched version if available. If updating is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<= 1.1.4+ 1 more
- (no CPE)range: <= 1.1.4
- (no CPE)range: <=1.1.4
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.