Description
Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Residential Address Detection: from n/a through <= 2.5.4.
Published: 2025-04-03
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows unauthorized users to exploit incorrectly configured access control security levels within the Residential Address Detection plugin. This defect can lead to unauthorized access to plugin settings or functionalities, potentially enabling alteration of data or exposure of sensitive information. The weakness corresponds to CWE-862, indicating improper enforcement of authorization checks.

Affected Systems

The issue affects the Residential Address Detection WordPress plugin developed by Eniture Technology. All releases up to and including version 2.5.4 are vulnerable; the affected range is indicated as n/a through <= 2.5.4.

Risk and Exploitability

The CVSS score of 6.5 classifies the defect as medium severity, while the EPSS score of less than 1% suggests a very low likelihood of exploitation under current conditions. It is not listed in the CISA KEV catalog. The most likely attack vector is via the plugin’s web interface, where an unauthenticated or low‑privileged user can interact with the plugin’s features without proper authorization checks.

Generated by OpenCVE AI on May 1, 2026 at 01:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Residential Address Detection plugin to a version newer than 2.5.4 to apply the vendor’s fix.
  • If an update is not immediately feasible, remove or deactivate the plugin entirely to eliminate the attack surface.
  • Apply additional role‑based access controls in WordPress or use security plugins to restrict access to the plugin’s administrative pages until the issue is resolved.

Generated by OpenCVE AI on May 1, 2026 at 01:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-14791 Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4. Missing Authorization vulnerability in enituretechnology Residential Address Detection residential-address-detection allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Residential Address Detection: from n/a through <= 2.5.4.
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Thu, 03 Apr 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 03 Apr 2025 13:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.
Title WordPress Residential Address Detection plugin <= 2.5.4 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:00.594Z

Reserved: 2025-03-26T09:21:45.625Z

Link: CVE-2025-30916

cve-icon Vulnrichment

Updated: 2025-04-03T15:00:05.837Z

cve-icon NVD

Status : Deferred

Published: 2025-04-03T14:15:34.790

Modified: 2026-04-23T15:27:19.277

Link: CVE-2025-30916

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T01:15:05Z

Weaknesses