CVE-2025-64246
Description
Missing Authorization vulnerability in netopsae Accessibility by AudioEye accessibility-by-audioeye allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility by AudioEye: from n/a through <= 1.0.49.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Accessibility by AudioEye WordPress plugin (<=1.0.49) allows exploitation of incorrectly configured access control.
A missing authorization vulnerability has been identified in the Accessibility by AudioEye plugin for WordPress, affecting versions up to and including 1.0.49. This bug allows exploitation of incorrectly configured access control security levels, effectively enabling broken access control.
The vulnerability can be exploited by attackers who may not require authentication, as it stems from missing authorization checks. The reference notes that such vulnerabilities are used in mass-exploit campaigns targeting thousands of websites simultaneously [1].
An attacker exploiting this flaw could perform actions that should be restricted to higher-privileged users, potentially leading to unauthorized access or manipulation of plugin settings. Although the CVSS score is 4.3 (Medium), it is described as unlikely to be widely exploited [1].
The issue has been addressed in version 1.1.0 of the plugin. Users are strongly advised to update to this version or later to mitigate the risk. Auto-update features can assist in maintaining protection.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2<=1.0.49+ 1 more
- (no CPE)range: <=1.0.49
- (no CPE)range: <=1.0.49
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.