Description
Missing Authorization vulnerability in Jose Mortellaro Specific Content For Mobile specific-content-for-mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through <= 0.5.3.
Published: 2025-03-27
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing Authorization vulnerability in Jose Mortellaro Specific Content For Mobile allows exploiting incorrectly configured access control security levels. Attackers can gain unauthorized access to content or functionalities guarded by the plugin, potentially compromising confidentiality or modifying data. The weakness is a classic authorization bypass, categorized under CWE-862.

Affected Systems

The affected product is the Specific Content For Mobile plugin by Jose Mortellaro. All versions up to and including 0.5.3 are vulnerable. Any WordPress installation running one of these versions is impacted.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate impact. EPSS is less than 1% and the vulnerability is not listed in CISA KEV, suggesting exploitation is unlikely but still possible, especially in environments with insufficient role segmentation. The likely attack vector is through the web interface of the WordPress site where the plugin is active; attackers with any role below the required privilege may exploit the misconfiguration. Monitoring and remediation are advised to prevent unauthorized access.

Generated by OpenCVE AI on May 1, 2026 at 03:47 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Specific Content For Mobile plugin to a version newer than 0.5.3 to eliminate the access control flaw.
  • If an update cannot be performed immediately, disable the plugin or configure it to require higher privilege levels for all operations, ensuring that only trusted roles can access its features.
  • Review WordPress role and capability assignments, removing or limiting permissions for users who should not interact with plugin features, and audit access logs for suspicious activity.


Advisories
Source: EUVD
ID: EUVD-2025-8331
Title: Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (removed): Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3.
Description (added): Missing Authorization vulnerability in Jose Mortellaro Specific Content For Mobile specific-content-for-mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through <= 0.5.3.
References
Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Thu, 27 Mar 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 27 Mar 2025 11:00:00 +0000

Type Values Removed Values Added
Description: Missing Authorization vulnerability in Jose Specific Content For Mobile allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specific Content For Mobile: from n/a through 0.5.3.
Title: WordPress Specific Content For Mobile plugin <= 0.5.3 - Broken Access Control vulnerability
Weaknesses: CWE-862
References
Metrics: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:59.695Z

Reserved: 2025-03-26T09:21:15.799Z

Link: CVE-2025-30874

Vulnrichment

Updated: 2025-03-27T13:57:54.588Z

NVD

Status: Deferred

Published: 2025-03-27T11:15:48.663

Modified: 2026-04-23T15:27:14.290

Link: CVE-2025-30874

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T04:00:06Z

Weaknesses