Description
Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4.
Published: 2025-04-01
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization flaw in the WordPress Cue plugin allows attackers to perform actions that should be restricted to privileged users. The vulnerability arises from incorrectly configured access control security levels, enabling unauthorized manipulation of plugin settings or site content. This can compromise the integrity of the site and expose sensitive data if combined with other weaknesses.

Affected Systems

The issue affects the AudioTheme Cue plugin for WordPress, specifically all versions from the initial release through and including version 2.4.4. Administrators who have installed any of these versions are vulnerable.

Risk and Exploitability

The CVSS score of 4.3 indicates a moderate risk. The EPSS probability is less than 1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited public exploitation. Attackers would likely need to interact with the WordPress admin interface or tamper with plugin settings remotely, but details on how to exploit the flaw in an operational environment are not specified in the advisory.

Generated by OpenCVE AI on May 1, 2026 at 02:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Cue plugin to any version newer than 2.4.4.
  • If an upgrade is not feasible, disable or delete the plugin from the WordPress installation.
  • Restrict access to the WordPress admin area by IP filtering or implementing stronger authentication controls.

Generated by OpenCVE AI on May 1, 2026 at 02:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9245 Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4. Missing Authorization vulnerability in AudioTheme Cue cue allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cue: from n/a through <= 2.4.4.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Tue, 01 Apr 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 01 Apr 2025 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Brady Vercher Cue allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Cue: from n/a through 2.4.4.
Title WordPress Cue by AudioTheme.com plugin <= 2.4.4 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:12.792Z

Reserved: 2025-04-01T13:19:54.844Z

Link: CVE-2025-31787

cve-icon Vulnrichment

Updated: 2025-04-01T18:37:23.102Z

cve-icon NVD

Status : Deferred

Published: 2025-04-01T15:16:16.710

Modified: 2026-04-23T15:28:17.637

Link: CVE-2025-31787

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T02:15:06Z

Weaknesses