CVE-2025-24725 - Vulnerability Details

- WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability

Description

Missing Authorization vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.2.8.

Published: 2025-01-24

Score: 4.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability in ThimPress Thim Elementor Kit allows an attacker to bypass authorization checks when interacting with the plugin’s functionality. This results in the ability to gain unauthorized access to admin-level features, potentially exposing sensitive content, modifying settings, or executing unintended actions. It is classified under CWE-862: Missing Authorization.

Affected Systems

Affects WordPress sites using the Thim Elementor Kit plugin version 1.2.8 or earlier. The issue applies to all installations that have not yet updated beyond this version.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate impact, and the EPSS score of less than 1% suggests a low probability of exploitation in the near term. It is not listed in the CISA KEV catalog. While no direct exploitation method is detailed, the likely attack vector is through web requests to plugin endpoints that do not impose correct role checks, as inferred from the description of missing authorization.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ThimPress

Thim Elementor Kit

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.2.8

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Thim Elementor Kit to a version newer than 1.2.8 to apply the vendor fix.
If an upgrade is not immediately possible, restrict access to the plugin’s administrative panels by disabling or removing the plugin from untrusted user roles.
Enable robust role‑based access control on your WordPress installation and monitor audit logs for any unauthorized activity involving the plugin.

Generated by OpenCVE AI on May 1, 2026 at 18:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-3917	Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00325.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/thim-elementor-kit/vulnerability/wordpress-thim-elementor-kit-plugin-1-2-8-broken-access-control-vulnerability?_s_id=cve

History

Thu, 23 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.	Missing Authorization vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.2.8.
References	https://patchstack.com/database/wordpress/plugin/thim-elementor-kit/vulnerability/wordpress-thim-elementor-kit-plugin-1-2-8-broken-access-control-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Plugin/thim-elementor-kit/vulnerability/wordpress-thim-elementor-kit-plugin-1-2-8-broken-access-control-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Wed, 12 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 24 Jan 2025 17:30:00 +0000

Type	Values Removed	Values Added
Description		Missing Authorization vulnerability in ThimPress Thim Elementor Kit allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Thim Elementor Kit: from n/a through 1.2.8.
Title		WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability
Weaknesses		CWE-862
References		https://patchstack.com/database/wordpress/plugin/thim-elementor-kit/vulnerability/wordpress-thim-elementor-kit-plugin-1-2-8-broken-access-control-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-01-24T17:25:15.993Z

Updated: 2026-04-28T16:11:33.471Z

Reserved: 2025-01-23T14:52:44.768Z

Link: CVE-2025-24725

Vulnrichment

Updated: 2025-02-12T19:54:49.844Z

NVD

Status : Deferred

Published: 2025-01-24T18:15:46.357

Modified: 2026-06-17T08:59:30.297

Link: CVE-2025-24725

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T18:30:05Z

Weaknesses

CWE-862
Missing Authorization

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object