Description
Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
Published: 2025-07-04
Score: 8.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the MobiLoud WordPress plugin that allows an attacker to bypass the intended access controls. This flaw enables access to administrative functionality that should be restricted to users with higher privileges. The weakness is cataloged as CWE-862 (Missing Authorization).

Affected Systems

Affected systems are sites running any release of the MobiLoud plugin up to and including 4.6.5. The issue is specific to the plugin and does not depend on the underlying operating system or WordPress core version.

Risk and Exploitability

The CVSS base score of 8.1 rates the risk as High. The EPSS score is reported as less than 1%, suggesting a low likelihood of exploitation at present, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred to be a crafted HTTP request to the plugin’s administrative endpoints that exploits the missing checks. No additional conditions are disclosed beyond the missing authorization.

Generated by OpenCVE AI on May 1, 2026 at 07:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the MobiLoud plugin to version 4.6.6 or later to apply the fix for the missing authorization checks.
  • Restrict user roles that have access to the plugin’s administrative features to only those who truly require such privileges.
  • Monitor WordPress logs for repeated attempts to access the plugin’s administrative endpoints and alert on suspicious activity.


Advisories
Source: EUVD
ID: EUVD-2025-20000
Title: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.

History

Tue, 28 Apr 2026 19:45:00 +0000


Tue, 28 Apr 2026 18:30:00 +0000

Description
  Removed: Missing Authorization vulnerability in pietro MobiLoud mobiloud-mobile-app-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MobiLoud: from n/a through <= 4.6.6.
  Added: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
Title
  Removed: WordPress MobiLoud plugin <= 4.6.6 - Broken Access Control Vulnerability
  Added: WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability
References

Thu, 23 Apr 2026 15:45:00 +0000


Thu, 23 Apr 2026 15:00:00 +0000

Description
  Removed: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
  Added: Missing Authorization vulnerability in pietro MobiLoud mobiloud-mobile-app-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MobiLoud: from n/a through <= 4.6.6.
Title
  Removed: WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability
  Added: WordPress MobiLoud plugin <= 4.6.6 - Broken Access Control Vulnerability
References

Mon, 07 Jul 2025 17:15:00 +0000

Metrics
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 04 Jul 2025 11:30:00 +0000

Description
  Added: Missing Authorization vulnerability in pietro MobiLoud allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MobiLoud: from n/a through 4.6.5.
Title
  Added: WordPress MobiLoud <= 4.6.5 - Broken Access Control Vulnerability
Weaknesses
  Added: CWE-862
References
Metrics
  Added: cvssV3_1 {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:19.359Z

Reserved: 2025-06-19T10:03:36.790Z

Link: CVE-2025-52813

Vulnrichment

Updated: 2025-07-07T16:27:23.265Z

NVD

Status: Deferred

Published: 2025-07-04T12:15:34.273

Modified: 2026-04-28T19:33:28.837

Link: CVE-2025-52813

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T07:15:11Z
