CVE-2025-47529

{"id": "CVE-2025-47529", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-05-23T13:15:38.743", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/experto-cta-widget/vulnerability/wordpress-experto-cta-widget-call-to-action-sticky-cta-floating-button-plugin-1-1-1-settings-change-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in UX Design Experts Experto CTA Widget \u2013 Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Experto CTA Widget \u2013 Call To Action, Sticky CTA, Floating Button Plugin: from n/a through <= 1.1.1."}, {"lang": "es", "value": "Vulnerabilidad de falta de autorizaci\u00f3n en UX Design Experts Experto CTA Widget \u2013 Call To Action, Sticky CTA, Floating Button Plugin permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Experto CTA Widget \u2013 Call To Action, Sticky CTA, Floating Button Plugin desde n/d hasta la versi\u00f3n 1.1.1."}], "lastModified": "2026-04-28T19:32:23.553", "sourceIdentifier": "audit@patchstack.com"}