CVE-2025-67976
Description
Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Watu Quiz: from n/a through <= 3.4.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing authorization in Watu Quiz plugin (≤3.4.5) allows attackers to exploit misconfigured access controls.
Vulnerability Overview
The Watu Quiz plugin for WordPress, version 3.4.5 and earlier, suffers from a missing authorization vulnerability. This flaw arises from improperly configured access control security levels, allowing unauthorized users to bypass permission checks. [1]
Exploitation Conditions
An attacker can exploit this issue by sending specially crafted HTTP requests to the vulnerable endpoint. No authentication or valid nonce tokens are required, enabling unauthenticated or low-privileged users to trigger actions intended for higher-privileged roles. [1]
Impact
Successful exploitation allows an attacker to perform functions that should be restricted, such as modifying quiz data or settings. This could lead to data exposure, site content manipulation, or further compromise depending on the plugin's functionality. [1]
Mitigation
The vendor has released version 3.4.5.1 to address the vulnerability. Users are strongly advised to update immediately. Patchstack users can enable auto-update for vulnerable plugins to ensure timely patching. [1]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0. No patches discovered yet.
References: 1
News mentions: 0. No linked articles in our index yet.