CVE-2025-49349

Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.

CVSS

No CVSS.

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/reuters-direct/vulnerability/wordpress-reuters-direct-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve

Configurations

No configuration.

History

01 Apr 2026, 17:25

Type	Values Removed	Values Added
References	{'url': 'https://patchstack.com/database/wordpress/plugin/reuters-direct/vulnerability/wordpress-reuters-direct-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/reuters-direct/vulnerability/wordpress-reuters-direct-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve -
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : unknown
Summary		(es) Vulnerabilidad de autorización faltante en la Agencia de Noticias Reuters Reuters Direct permite la explotación de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Reuters Direct: desde n/a hasta 3.0.0.
Summary	(en) Missing Authorization vulnerability in Reuters News Agency Reuters Direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through 3.0.0.	(en) Missing Authorization vulnerability in Reuters News Agency Reuters Direct reuters-direct allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reuters Direct: from n/a through <= 3.0.0.

20 Jan 2026, 15:16

Type	Values Removed	Values Added
References	{'url': 'https://vdp.patchstack.com/database/wordpress/plugin/reuters-direct/vulnerability/wordpress-reuters-direct-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/wordpress/plugin/reuters-direct/vulnerability/wordpress-reuters-direct-plugin-3-0-0-broken-access-control-vulnerability?_s_id=cve -

31 Dec 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-12-31 15:15

Updated : 2026-04-01 17:25

NVD link : CVE-2025-49349

Mitre link : CVE-2025-49349

CVE.ORG link : CVE-2025-49349

JSON object : View

Products Affected

No product.

CWE

CWE-862

Missing Authorization

JSON object

Attach tags to CVE-2025-49349

Attach tags to `CVE-2025-49349`