Description
Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so: from n/a through <= 2.0.3.
Published: 2025-04-04
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a missing authorization issue in the Revive.so plugin that allows any user who can send a request to the plugin’s endpoints to perform actions that should be restricted. This missing authorization opens the door for an attacker to manipulate content or settings controlled by the plugin, potentially compromising the integrity of the site’s data. The weakness aligns with CWE‑862: Missing Authorization. Because the vulnerability operates within the plugin’s scope, the direct impact is limited to the features the plugin provides, but an attacker could leverage it to subvert media management or editorial workflows.

Affected Systems

WordPress installations running the Revive.so plugin from WP Chill. Versions from the earliest releases up through 2.0.3 of the plugin are vulnerable. Site owners using any of these versions should consider the plugin's risk level.

Risk and Exploitability

The CVSS score of 4.3 indicates a low‑moderate potential for damage. EPSS of less than 1% points to a very low probability that this flaw is actively exploited. The vulnerability is inferred to be exploitable via web requests to the plugin’s control endpoints, potentially requiring an authenticated session or a misconfigured permission set. Because the flaw is a simple access‑control bypass, the attack vector is likely remote and requires no advanced prerequisites. No known public exploits exist and the vulnerability is not listed in CISA’s KEV catalog.

Generated by OpenCVE AI on May 1, 2026 at 00:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Revive.so plugin to version 2.0.4 or later where the access control issue has been fixed.
  • If an immediate upgrade is not possible, restrict access to the plugin’s administrative pages by configuring user roles so that only trusted accounts can reach them, or temporarily disable the plugin until a patch is available.
  • Audit WordPress user accounts and permissions to ensure no users possess higher privileges than necessary for normal site operation, and apply least‑privilege policies to the site’s editors and contributors.

Advisories
Source ID Title
EUVD EUVD-2025-9804 Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3.
  Added: Missing Authorization vulnerability in WP Chill Revive.so revive-so allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Revive.so: from n/a through <= 2.0.3.
Title
  Removed: WordPress Revive.so <= 2.0.3 - Broken Access Control vulnerability
  Added: WordPress Revive.so plugin <= 2.0.3 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Fri, 04 Apr 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 04 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in WP Chill Revive.so – Bulk Rewrite and Republish Blog Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Revive.so – Bulk Rewrite and Republish Blog Posts: from n/a through 2.0.3.
Title WordPress Revive.so <= 2.0.3 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:19.565Z

Reserved: 2025-04-04T10:01:59.468Z

Link: CVE-2025-32233

Vulnrichment

Updated: 2025-04-04T19:52:30.216Z

NVD

Status: Deferred

Published: 2025-04-04T16:15:32.617

Modified: 2026-04-23T15:28:48.200

Link: CVE-2025-32233

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T00:30:04Z
