Description
Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.
Published: 2025-06-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The QuickCab WordPress plugin is missing an authorization check, which allows users without appropriate administrative privileges to access plugin functionality that should be restricted. The flaw is recorded as CWE‑862. Because unauthorized access can be used to modify or view plugin data, it can potentially compromise the integrity of the site’s ordering and logistical functions.

Affected Systems

All QuickCab plugin installations at version 1.3.3 or earlier are affected. The vulnerability applies to any WordPress site that has this plugin deployed; no specific WordPress core or theme versions are referenced.

Risk and Exploitability

The CVSS score of 5.3 denotes medium severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at the time of this analysis. The vulnerability is not listed in the CISA KEV catalog. Based on typical plugin interface design, it is inferred that attackers could exploit the missing authorization by sending unauthenticated or partially authenticated HTTP requests to the plugin’s administrative endpoints.

Generated by OpenCVE AI on May 2, 2026 at 01:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade QuickCab to a version newer than 1.3.3 that includes the authorization fix
  • If an upgrade is not possible, temporarily uninstall or disable the QuickCab plugin until a fix is applied
  • Enforce strict role‑based permissions for WordPress administrative accounts and monitor logs for unauthorized access attempts

Advisories
Source: EUVD
ID: EUVD-2025-17110
Title: Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in QuickcabWP QuickCab quickcab. This issue affects QuickCab: from n/a through <= 1.3.3.
Values Added: Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.

Type: References

Thu, 23 Apr 2026 15:45:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.
Values Added: Missing Authorization vulnerability in QuickcabWP QuickCab quickcab. This issue affects QuickCab: from n/a through <= 1.3.3.

Type: References

Fri, 06 Jun 2025 15:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 06 Jun 2025 11:30:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in QuickcabWP QuickCab. This issue affects QuickCab: from n/a through 1.3.3.

Type: Title
Values Added: WordPress QuickCab plugin <= 1.3.3 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:56.638Z

Reserved: 2025-05-19T14:14:34.469Z

Link: CVE-2025-48337

Vulnrichment

Updated: 2025-06-06T15:08:15.001Z

NVD

Status: Deferred

Published: 2025-06-06T12:15:24.107

Modified: 2026-04-28T19:32:45.910

Link: CVE-2025-48337

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T01:30:16Z

Weaknesses