Description
Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through <= 1.0.4.
Published: 2025-06-09
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization check that allows users to invoke functions that should be restricted by access-control lists. This broken access control can expose sensitive information or let attackers perform actions not intended for them, raising risks to confidentiality, integrity, and potentially availability of the WordPress site. The CVSS score of 6.5 rates the issue as Medium severity, and the weakness is classified as CWE-862 (Missing Authorization).

Affected Systems

The affected software is the WordPress StyleAI plugin developed by relentlo (relentlosoftware). All releases from the earliest version through 1.0.4 are vulnerable. Site administrators using any of these versions should identify the installation location of the plugin within their WordPress installation.

Risk and Exploitability

The EPSS score of less than 1% suggests that exploit attempts are expected to be rare, and the vulnerability is not listed in CISA’s KEV catalog. Nonetheless, the missing authorization logic means that any user who can reach the plugin’s endpoints—potentially even unauthenticated visitors—could trigger the protected functions. Attackers with network access to the site or the ability to guess endpoint URLs could therefore exploit the flaw. Until a patch is applied, sites are susceptible to unauthorized actions or data disclosure through this pathway.

Generated by OpenCVE AI on April 30, 2026 at 11:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the StyleAI plugin to version 1.0.5 or later where the authorization issue has been fixed.
  • If an upgrade is not immediately possible, remove the StyleAI plugin or disable its restricted functionality through the WordPress admin interface.
  • Restrict access to the plugin’s admin pages by ensuring only authenticated administrators can reach them and by implementing additional role checks that align with the correct permissions.

Advisories
Source: EUVD
ID: EUVD-2025-17531
Title: Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.
  Added: Missing Authorization vulnerability in relentlo StyleAI relentlosoftware allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through <= 1.0.4.
Title
  Removed: WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability
  Added: WordPress StyleAI plugin <= 1.0.4 - Broken Access Control Vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
  Removed: epss {'score': 0.00035}
  Added: epss {'score': 0.00038}


Tue, 10 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Jun 2025 16:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in relentlo StyleAI allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects StyleAI: from n/a through 1.0.4.
Title WordPress StyleAI <= 1.0.4 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:52.355Z

Reserved: 2025-05-15T18:01:40.432Z

Link: CVE-2025-48139

Vulnrichment

Updated: 2025-06-10T13:42:59.443Z

NVD

Status: Deferred

Published: 2025-06-09T16:15:43.423

Modified: 2026-04-23T15:30:52.207

Link: CVE-2025-48139

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T11:45:21Z

Weaknesses