CVE-2025-48127

{"id": "CVE-2025-48127", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-05-16T16:15:44.507", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/push-notification-mobile-and-web-app/vulnerability/wordpress-push-notification-for-mobile-and-web-app-2-0-3-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in App Cheap Push notification for Mobile and Web app allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Push notification for Mobile and Web app: from n/a through 2.0.3."}, {"lang": "es", "value": "Una vulnerabilidad de falta de autorizaci\u00f3n en App Cheap Push notification for Mobile and Web app permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a las notificaciones push para aplicaciones m\u00f3viles y web desde n/d hasta la versi\u00f3n 2.0.3."}], "lastModified": "2025-05-19T13:35:20.460", "sourceIdentifier": "audit@patchstack.com"}