Medium severity 6.5 · NVD Advisory · Published Dec 18, 2025 · Updated Apr 27, 2026

CVE-2025-64375

Description

Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Social Ninja: from n/a through <= 3.20.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing authorization vulnerability in WP Social Ninja plugin allows unauthenticated attackers to exploit incorrectly configured access controls, potentially leading to unauthorized actions.

Vulnerability Overview

The WP Social Ninja plugin for WordPress (versions 3.20.1 and earlier) contains a missing authorization vulnerability. The plugin fails to properly enforce access control checks on certain functions, allowing unauthenticated or low-privileged users to perform actions that should require higher privileges [1].

Exploitation

An attacker can exploit this vulnerability remotely without needing any authentication. The missing authorization check means that any user, including unauthenticated visitors, can trigger privileged operations. This type of vulnerability is commonly targeted in mass-exploit campaigns due to its ease of exploitation [1].

Impact

Successful exploitation allows an attacker to execute actions reserved for higher-privileged users, such as modifying plugin settings or accessing sensitive data. The exact impact depends on the specific missing authorization, but it can lead to unauthorized data exposure or site compromise [1].

Mitigation

The vulnerability has been patched in version 3.20.2. Users are strongly advised to update immediately. The vulnerability is listed as a Known Exploited Vulnerability (KEV), indicating active exploitation in the wild [1].

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
