CVE-2025-64630
Description
Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business Directory: from n/a through <= 6.4.19.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Business Directory plugin (≤6.4.19) allows unprivileged users to exploit incorrectly configured access controls.
Vulnerability Overview
CVE-2025-64630 is a missing authorization vulnerability in the WordPress Business Directory plugin by Strategy11 Team, affecting versions through 6.4.19. The plugin fails to properly enforce access control checks, allowing exploitation of incorrectly configured security levels [1].
Exploitation
An attacker with low privileges can exploit this broken access control issue to perform actions that should require higher-level permissions. The vulnerability does not require authentication bypass but rather leverages missing authorization checks in plugin functions [1]. This type of flaw is commonly used in mass-exploit campaigns targeting thousands of websites regardless of their size or popularity [1].
Impact
Successful exploitation could allow an unprivileged user to execute higher-privileged actions, potentially leading to unauthorized data access or modification. The CVSS v3 base score is 4.9 (Medium), indicating a moderate severity [1].
Mitigation
The vendor has released version 6.4.20 which resolves the vulnerability. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins. If updating is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <=6.4.19
- Range: <=6.4.19
Patches
No patches discovered yet.
References