Description
Missing Authorization vulnerability in Maidul Team Manager wp-team-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Manager: from n/a through <= 2.5.1.
Published: 2025-09-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw in the Team Manager plugin for WordPress, allowing attackers to bypass configured access control security levels. This flaw enables unauthorized users or those with insufficient privileges to access protected data or perform privileged actions within the plugin. Classed as CWE‑862, the weakness results in a potential escalation of privileges and unauthorized data exposure.

Affected Systems

The affected product is Maidul Team Manager (WordPress wp-team-manager) for all versions up to and including 2.5.1. No specific release beyond 2.5.1 is mentioned as vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity. The EPSS score of less than 1% reflects a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog, meaning no confirmed widespread active exploitation is reported. The likely attack vector is a web‑based request to the plugin’s administrative endpoints, and an attacker could exploit the missing authorization checks to gain unauthorized access, potentially without needing authentication, as the vulnerability description indicates a missing authorization flaw.

Generated by OpenCVE AI on April 30, 2026 at 06:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Team Manager plugin to a version newer than 2.5.1, preferably the latest release available on the WordPress repository or the vendor’s website.
  • Restrict the plugin’s administrative capabilities to users with the highest privileges (e.g., administrators) and remove or disable any unnecessary access levels while the update is pending.
  • If an immediate upgrade is not possible, deploy a web‑application firewall rule that blocks or limits traffic to the plugin’s sensitive endpoints to mitigate exploitation attempts.

Generated by OpenCVE AI on April 30, 2026 at 06:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30618 Missing Authorization vulnerability in Maidul Team Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through 2.3.14.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Maidul Team Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through 2.3.14. Missing Authorization vulnerability in Maidul Team Manager wp-team-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Team Manager: from n/a through <= 2.5.1.
Title WordPress Team Manager Plugin <= 2.3.14 - Broken Access Control Vulnerability WordPress Team Manager plugin <= 2.5.1 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Maidul Team Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Team Manager: from n/a through 2.3.14.
Title WordPress Team Manager Plugin <= 2.3.14 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T01:00:17.703Z

Reserved: 2025-08-27T16:19:27.209Z

Link: CVE-2025-58222

cve-icon Vulnrichment

Updated: 2025-09-23T15:56:03.804Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:16:06.960

Modified: 2026-04-23T15:33:19.983

Link: CVE-2025-58222

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T06:45:16Z

Weaknesses