Description
Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.6.
Published: 2025-09-22
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization check that allows users with insufficient privileges to access or modify Team plugin data and features that should be restricted. This can lead to unauthorized disclosure or modification of content, potentially compromising the integrity and confidentiality of the website. The weakness is identified as CWE-862.

Affected Systems

The affected product is the RadiusTheme Team plugin (tlp-team) for WordPress. Versions up to and including 5.0.6 are vulnerable; the record gives no starting version (the range is listed as "from n/a").

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity, while the EPSS score of <1% suggests a very low probability of exploitation in the wild. The vulnerability is not currently in the CISA KEV catalog. Attackers are likely to need authenticated access or rely on mis‑configured ACL settings; this is inferred from the description. A successful exploit could allow privilege escalation within the plugin’s namespace, enabling the attacker to read or change data that should be protected.

Generated by OpenCVE AI on April 30, 2026 at 00:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Team plugin to the latest version, preferably 5.0.7 or newer, which resolves the access control flaw.
  • Verify that user roles and capabilities within the plugin are correctly assigned and that no unintended roles have high‑level access.
  • If an update is not available, disable or remove the Team plugin until a fix is released to prevent exploitation.

Advisories
Source: EUVD
ID: EUVD-2025-30667
Title: Missing Authorization vulnerability in RadiusTheme Team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through 5.0.6.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (removed): Missing Authorization vulnerability in RadiusTheme Team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through 5.0.6.
Description (added): Missing Authorization vulnerability in RadiusTheme Team tlp-team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through <= 5.0.6.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Thu, 25 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared: Radiustheme; Radiustheme team; Wordpress; Wordpress wordpress
Vendors & Products: Radiustheme; Radiustheme team; Wordpress; Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in RadiusTheme Team allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team: from n/a through 5.0.6.
Title WordPress Team Plugin <= 5.0.6 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:39.843Z

Reserved: 2025-08-22T11:37:13.319Z

Link: CVE-2025-57975

Vulnrichment

Updated: 2025-09-25T13:52:44.249Z

NVD

Status: Deferred

Published: 2025-09-22T19:15:57.230

Modified: 2026-04-23T15:33:09.847

Link: CVE-2025-57975

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T01:00:13Z

Weaknesses