Impact
CVE‑2025‑24693 is a Missing Authorization flaw that allows an attacker to bypass correctly configured access control checks in the Yehi Advanced Notifications WordPress plugin. It belongs to CWE‑862, which describes situations where a system fails to authorize a user before performing privileged functions. The flaw can give an authenticated user privileges beyond those intended, potentially exposing or altering data managed by the plugin, compromising the integrity of the site, or allowing further attacks within the WordPress environment. The impact is limited to users who can access the plugin interface; however, misuse of the elevated privileges can have cascading effects if core WordPress files or other plugins rely on the compromised data.
Affected Systems
Yehi Advanced Notifications plugin for WordPress, all releases up to and including version 1.2.7. The description lists the affected range as n/a through <= 1.2.7, so any installation of the plugin with a version number lower than or equal to 1.2.7 is vulnerable.
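An added inventory check for the affected range above (not code from the plugin or from the advisory source): it reads the standard WordPress plugin header and flags versions up to and including 1.2.7. The "Advanced Notifications" name match, the sample header and the directory layout passed to `scan` are assumptions.

```python
import re
from pathlib import Path

LAST_AFFECTED = "1.2.7"                # upper bound of the affected range in the advisory
NAME_HINT = "advanced notifications"   # assumption: substring of the "Plugin Name" header

# WordPress plugin header fields sit in the leading comment of the main PHP file.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.I | re.M)

# Constructed sample header for illustration, not copied from the real plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Advanced Notifications
 * Version: 1.2.7
 */
"""

def parse_header(php_source):
    """Return the lower-cased header fields found in the first 8 KiB of the file."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def version_key(version):
    """Numeric tuple for comparison; a '-beta' style suffix is ignored, trailing zeros dropped."""
    nums = [int(n) for n in re.findall(r"\d+", version.split("-")[0])]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def classify(php_source):
    """None if not the plugin; else 'affected', 'above-affected-range' or 'unknown'."""
    fields = parse_header(php_source)
    if NAME_HINT not in fields.get("plugin name", "").lower():
        return None
    key = version_key(fields.get("version", ""))
    if not key:
        return "unknown"   # no parsable version: review by hand
    return "affected" if key <= version_key(LAST_AFFECTED) else "above-affected-range"

def scan(plugins_dir):
    """Classify the top-level PHP files of every folder under wp-content/plugins."""
    hits = {}
    for php in Path(plugins_dir).glob("*/*.php"):
        verdict = classify(php.read_text(errors="replace"))
        if verdict:
            hits[str(php)] = verdict
    return hits
```

A result of `above-affected-range` only means the version is outside the range this page lists; the page does not name a fixed release.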
Risk and Exploitability
The CVSS score of 4.3 indicates moderate severity, and the EPSS score of less than 1% shows a very low probability of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. Because the flaw involves incorrect permission checks inside the plugin, the likely attack vector is web‑based and requires the attacker to be authenticated to the WordPress site, though the precise prerequisites are inferred from the description rather than explicitly provided.