CVE-2025-67548
Description
Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a through <= 1.9.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing Authorization vulnerability in WP Delicious plugin for WordPress up to v1.9.1 allows access control bypass, used in mass exploitation.
The WP Delicious plugin for WordPress suffers from a Missing Authorization vulnerability in versions up to and including 1.9.1. This issue stems from incorrectly configured access control security levels, specifically in the delicious-recipes component, allowing exploitation of default access controls.
Attackers can leverage this broken access control without authentication, making it suitable for mass exploitation campaigns. The vulnerability is reported to be used in attempts to compromise thousands of websites irrespective of their size or popularity[1].
While the impact is assessed as low severity and exploitation unlikely according to the advisory, successful exploitation could allow unprivileged attackers to perform actions normally reserved for higher-privileged users. The CVSS v3 base score of 6.5 (Medium) reflects this potential.
The vulnerability is addressed in version 1.9.2 of the plugin. Users are strongly advised to update immediately. Patchstack users can enable auto-updates for vulnerable plugins to mitigate the risk[1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.