Description
Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1.
Published: 2025-06-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw affecting the Audio Editor & Recorder plugin for WordPress, rated as CWE‑862. It permits a user to bypass the plugin’s configured access control, allowing them to perform actions or view data that should be limited to users with higher privileges. This can compromise the confidentiality and integrity of the site’s audio content without enabling remote code execution.

Affected Systems

Roland Beaussant Audio Editor & Recorder plugin for WordPress. All installations running any version up through and including 2.2.1 are potentially affected. No earlier unlisted versions are specified, so the flaw is believed to exist in every build preceding the patched release.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate risk level. The EPSS score of less than 1% suggests the likelihood of exploitation is low as of now, and the vulnerability is not listed in the CISA KEV catalog. Attacks would most likely occur via the plugin’s web interface, with an attacker needing only regular user access or lower to exploit incorrectly configured access control checks. Elevated network privileges or remote execution paths are not required by the CVE data.

Generated by OpenCVE AI on April 30, 2026 at 17:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Audio Editor & Recorder plugin to the latest version that contains the authorization fix
  • If an update is unavailable, limit the plugin's administrative interface to administrator roles by adjusting the plugin’s settings or using a role‑restriction plugin
  • Temporarily remove or deactivate the Audio Editor & Recorder plugin until a patched version is released

Generated by OpenCVE AI on April 30, 2026 at 17:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17671 Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.
History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Roland Beaussant Audio Editor &amp; Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor &amp; Recorder: from n/a through <= 2.2.1. Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through <= 2.2.1.

Fri, 24 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1. Missing Authorization vulnerability in Roland Beaussant Audio Editor &amp; Recorder audio-editor-recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor &amp; Recorder: from n/a through <= 2.2.1.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Sat, 12 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00037}

 epss

{'score': 0.0004}

Tue, 10 Jun 2025 13:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Roland Beaussant Audio Editor & Recorder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Audio Editor & Recorder: from n/a through 2.2.1.
Title WordPress Audio Editor & Recorder plugin <= 2.2.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:05.595Z

Reserved: 2025-06-06T10:33:37.437Z

Link: CVE-2025-49509

cve-icon Vulnrichment

Updated: 2025-06-10T13:39:35.899Z

cve-icon NVD

Status : Deferred

Published: 2025-06-10T13:15:23.427

Modified: 2026-06-17T09:31:23.927

Link: CVE-2025-49509

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T18:00:14Z

Weaknesses