Description
Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
Published: 2025-09-09
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization flaw that allows improper access to the plugin’s protected functions. Because the access control security levels are incorrectly configured, a user who should not have permissions can potentially view or modify content, change settings, or perform other privileged actions through the Categorify plugin. This flaw is classified as CWE‑862, indicating unauthorized access to normally protected resources.

Affected Systems

The issue affects WordPress users who have installed the Frenify Categorify plugin up to and including version 1.0.7.5. No other products or vendor releases are affected as per the current CNA listing.

Risk and Exploitability

The CVSS score of 4.3 places the vulnerability in the medium range, and the EPSS score of less than 1% indicates a very low probability of exploitation in the wild. The flaw can be triggered by accessing the plugin’s functional endpoints, potentially without authentication or with only low‑privileged credentials, depending on the site’s configuration. The vulnerability is not listed in the CISA KEV catalog, suggesting no known active exploitation campaigns targeting it at this time.

Generated by OpenCVE AI on April 30, 2026 at 01:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WordPress Categorify plugin to the latest version available, which resolves the broken access control issue.
  • Verify that WordPress roles and capabilities are correctly configured so that only users who need to use Categorify can perform its privileged actions.
  • Monitor server and application logs for unusual access attempts to the plugin’s endpoints to detect potential exploitation.



Advisories
Source: EUVD
ID: EUVD-2025-27434
Title: Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
Added: Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Categorify: from n/a through <= 1.0.7.5.
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Tue, 09 Sep 2025 23:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 09 Sep 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared: Frenify; Frenify categorify; Wordpress; Wordpress wordpress
Vendors & Products: Frenify; Frenify categorify; Wordpress; Wordpress wordpress

Tue, 09 Sep 2025 16:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in frenify Categorify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Categorify: from n/a through 1.0.7.5.
Title WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:51.454Z

Reserved: 2025-09-06T04:45:39.391Z

Link: CVE-2025-59005

Vulnrichment

Updated: 2025-09-09T17:50:50.883Z

NVD

Status: Deferred

Published: 2025-09-09T17:16:14.623

Modified: 2026-04-23T15:34:01.543

Link: CVE-2025-59005

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:00:13Z

Weaknesses