CVE-2025-62932

Vulnerability

Overview

The Table Block by RioVizual plugin for WordPress, versions up to and including 3.0.0, contains a missing authorization vulnerability. This is a broken access control issue where the plugin fails to properly verify user permissions or nonce tokens in certain functions, allowing unauthenticated or low-privileged users to perform actions that should require higher privileges [1].

Exploitation and

Attack Surface

Attackers can exploit this vulnerability without needing any authentication, as the missing authorization check means no valid session or capability is required. The attack vector is network-based, and the complexity is low. This type of vulnerability is commonly used in mass-exploit campaigns targeting thousands of WordPress sites simultaneously, regardless of their size or popularity [1].

Impact

Successful exploitation could allow an attacker to access or modify data that should be protected, potentially leading to unauthorized data exposure or site manipulation. The CVSS v3 base score is 4.3 (Medium), reflecting the limited but real risk of confidentiality or integrity impact [1].

Mitigation

The vendor has not yet released a patch for versions beyond 3.0.0, but users are strongly advised to update the plugin immediately if a newer version becomes available. As a workaround, site administrators can implement additional access controls or disable the plugin until a fix is applied [1].