Description
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.1.
Published: 2025-04-04
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CVE describes a missing authorization flaw in the WP Messiah: Ai Image Alt Text Generator for WP plugin, which allows anyone with internet access to reach endpoints that should be limited to administrators. The plugin therefore lets attackers read or modify alt‑text metadata and potentially other configuration items that should be protected. This improper authorization flaw is categorized as CWE‑862 and can impact confidentiality and integrity of site content.

Affected Systems

WP Messiah: Ai Image Alt Text Generator for WP plugins running any version from the earliest documented release up to and including 1.1.1 are affected. The vulnerability is present in all builds within that version range; upgrading beyond 1.1.1 when a fix is released removes the flaw.

Risk and Exploitability

With a CVSS score of 5.4 the risk is rated moderate. The EPSS score of less than 1% indicates a low likelihood of exploitation in the wild, and the vulnerability is not listed in CISA's KEV catalog. Attackers can exploit the issue remotely by sending specially crafted HTTP requests to the plugin's protected functions without needing privileged credentials, potentially retrieving or tampering with protected information.

Generated by OpenCVE AI on May 1, 2026 at 11:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP Messiah: Ai Image Alt Text Generator for WP plugin to the most recent release that includes the authorization fix.
  • If an immediate update is not possible, disable or remove the plugin until a patched version is available.
  • Verify that any administrative interfaces or configuration URLs exposed by the plugin are inaccessible to non‑operator accounts by testing access from a non‑administrator user.

Generated by OpenCVE AI on May 1, 2026 at 11:07 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-9813 Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8. Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.1.
Title WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Broken Access Control vulnerability WordPress Ai Image Alt Text Generator for WP plugin <= 1.1.1 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Mon, 07 Apr 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.
Title WordPress Ai Image Alt Text Generator for WP plugin <= 1.0.8 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.197Z

Reserved: 2025-04-04T10:01:42.464Z

Link: CVE-2025-32217

cve-icon Vulnrichment

Updated: 2025-04-07T16:39:16.100Z

cve-icon NVD

Status : Deferred

Published: 2025-04-04T16:15:30.873

Modified: 2026-04-23T15:28:46.527

Link: CVE-2025-32217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T11:15:15Z

Weaknesses