Description
Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through <= 4.1.0.
Published: 2025-09-09
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization check in the Export WP Page to Static HTML/CSS plugin that permits accessing functions not properly protected by access controls. Because the export feature can generate static copies of WordPress pages, an attacker who can trigger the export could potentially extract content, media, or configuration data that should otherwise be restricted. This weakness is typified by the CWE-862 "Missing Authorization" flaw.

Affected Systems

The flaw affects the recorp Export WP Page to Static HTML/CSS WordPress plugin versions up to and including 4.1.0. The plugin is used within WordPress sites to convert pages to static HTML and CSS and is installed on any site that has opted for that functionality.

Risk and Exploitability

With a CVSS score of 5.3 the vulnerability represents a medium severity risk. The EPSS score is below 1%, indicating a very low exploitation probability, and it is not listed in the CISA KEV catalog. The likely attack vector is via the exported page functionality, and it may be exploitable by users who can access the plugin interface; however, the description does not specify whether authentication is required, so we infer that the vulnerability may be usable by unauthenticated users with plugin access or by authenticated users lacking proper role permissions.

Generated by OpenCVE AI on April 30, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Export WP Page to Static HTML/CSS to a version newer than 4.1.0 or apply any vendor‑supplied patches.
  • If upgrading immediately is not possible, disable the build‑in export endpoint or restrict its access to trusted administrative roles.
  • Disable the plugin entirely if export functionality is not required, and review other plugins for similar broken access control flaws.

Generated by OpenCVE AI on April 30, 2026 at 01:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-27394 Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0. Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS export-wp-page-to-static-html allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export WP Page to Static HTML/CSS: from n/a through <= 4.1.0.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Myrecorp
Myrecorp export Wp Page To Static Html/css
Wordpress
Wordpress wordpress
Vendors & Products Myrecorp
Myrecorp export Wp Page To Static Html/css
Wordpress
Wordpress wordpress

Tue, 09 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 09 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in recorp Export WP Page to Static HTML/CSS allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Export WP Page to Static HTML/CSS: from n/a through 4.1.0.
Title WordPress Export WP Page to Static HTML/CSS Plugin <= 4.1.0 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Myrecorp Export Wp Page To Static Html/css
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:50.870Z

Reserved: 2025-09-06T04:45:16.550Z

Link: CVE-2025-58980

cve-icon Vulnrichment

Updated: 2025-09-09T17:45:22.191Z

cve-icon NVD

Status : Deferred

Published: 2025-09-09T17:16:12.130

Modified: 2026-04-23T15:33:59.207

Link: CVE-2025-58980

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T02:00:13Z

Weaknesses