CVE-2025-64242
Description
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through <= 3.5.22.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Easy Property Listings plugin <=3.5.22 has a missing authorization vulnerability allowing unprivileged users to exploit incorrectly configured access controls.
The Easy Property Listings plugin for WordPress, versions up to and including 3.5.22, contains a missing authorization vulnerability. This flaw stems from incorrectly configured access control security levels, which can be exploited to bypass intended permission checks [1].
An attacker does not need elevated privileges to exploit this issue; the broken access control allows unprivileged users to perform actions that should require higher-level permissions. The vulnerability is classified as a broken access control issue, meaning a missing authorization, authentication, or nonce token check in a function could lead to unauthorized actions [1].
The impact is considered low severity, and exploitation is unlikely according to the advisory. However, such vulnerabilities are known to be used in mass-exploit campaigns targeting thousands of websites [1].
The vulnerability has been patched in version 3.5.23. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins. If updating is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=3.5.22
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.