Description
Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.
Published: 2025-07-16
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Missing authorization checks in the Profiler – What Slowing Down Your WP plugin allow attackers to bypass intended access controls and perform actions beyond the privileges of the user. This is a broken access control flaw (CWE‑862) that could enable unauthorized viewing or modification of WordPress content, administrative settings, or other sensitive data. The estimated impact depends on the range of privileges an attacker can gain, but it can lead to data compromise and full site takeover if exploited.

Affected Systems

The flaw affects the WordPress plugin Profiler – What Slowing Down Your WP from activity‑log.com, impacting all releases up to and including version 1.0.0. Any website running those versions is vulnerable.

Risk and Exploitability

The CVSS score of 6.5 places it in the medium severity range, and the EPSS score of less than 1 % indicates a very low predicted probability of exploitation. Nonetheless, the plugin is publicly accessible on the web, so remote exploitation via a crafted request or access to the plugin’s administration endpoints is an unlikely but possible attack vector. The vulnerability is not listed in CISA’s KEV catalog, but because it is a straightforward broken access control flaw, admins should treat it as a valid risk and apply mitigation promptly.

Generated by OpenCVE AI on April 30, 2026 at 09:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Profiler – What Slowing Down Your WP plugin to a version that adds the missing authorization check, or remove the plugin entirely if an update is unavailable.
  • If the plugin cannot be updated or removed, block or restrict access to its administrative pages by firewall rules or by editing the .htaccess file so that only administrators can reach them.
  • Review all WordPress user roles and the plugin’s permission settings, ensuring that only trusted administrative accounts have privilege to execute plugin functions, and disable or delete any unused high‑privilege accounts.



Advisories
Source: EUVD
ID: EUVD-2025-21624
Title: Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.
History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP profiler-what-slowing-down allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Profiler - What Slowing Down Your WP: from n/a through <= 1.0.0.
Values Added: Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.
Type: References

Thu, 23 Apr 2026 15:45:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.
Values Added: Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP profiler-what-slowing-down allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Profiler - What Slowing Down Your WP: from n/a through <= 1.0.0.
Type: References

Wed, 16 Jul 2025 14:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 16 Jul 2025 13:45:00 +0000

Type: Metrics
Values Added: epss {'score': 0.00028}


Wed, 16 Jul 2025 11:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in activity-log.com Profiler - What Slowing Down Your WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Profiler - What Slowing Down Your WP: from n/a through 1.0.0.
Type: Title
Values Added: WordPress Profiler - What Slowing Down Your WP <= 1.0.0 - Broken Access Control Vulnerability
Type: Weaknesses
Values Added: CWE-862
Type: References
Type: Metrics
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:56.764Z

Reserved: 2025-05-19T14:14:34.469Z

Link: CVE-2025-48339

Vulnrichment

Updated: 2025-07-16T14:11:41.884Z

NVD

Status: Deferred

Published: 2025-07-16T12:15:27.350

Modified: 2026-04-28T19:32:46.063

Link: CVE-2025-48339

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T09:30:15Z
