Description
Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through <= 1.1.4.
Published: 2025-09-26
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A missing authorization check in the HivePress Claim Listings plugin allows an attacker to claim or modify listings without proper verification. This flaw can lead to users being able to claim listings they should not have access to or to alter listings’ ownership, impacting the integrity and trustworthiness of the platform’s listing data.

Affected Systems

The vulnerability affects the HivePress Claim Listings plugin for WordPress in all versions up to and including 1.1.4. No other products or higher versions are impacted according to the CNA information.

Risk and Exploitability

The CVSS score of 4.3 indicates Medium severity, and the EPSS score of less than 1% suggests exploitation is unlikely at present. The issue is not listed in the CISA KEV catalog. Given that the flaw resides in a web‑based plugin, the likely attack vector is remote via the WordPress interface, though specific conditions for exploitation are not detailed in the advisory.

Generated by OpenCVE AI on April 30, 2026 at 00:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the HivePress Claim Listings plugin to the latest available version that addresses the missing authorization check.
  • Re‑establish or verify that the access control configuration for claiming listings correctly limits actions to authorized users only.
  • Continuously monitor listing claims and ownership changes for suspicious activity or unauthorized claims.



Advisories
Source: EUVD
ID: EUVD-2025-31278
Title: Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
  Added: Missing Authorization vulnerability in HivePress HivePress Claim Listings hivepress-claim-listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through <= 1.1.4.
Title
  Removed: WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability
  Added: WordPress HivePress Claim Listings plugin <= 1.1.4 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


Mon, 29 Sep 2025 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Fri, 26 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 26 Sep 2025 08:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in HivePress HivePress Claim Listings allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects HivePress Claim Listings: from n/a through 1.1.3.
Title WordPress HivePress Claim Listings Plugin <= 1.1.3 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:55.330Z

Reserved: 2025-09-25T15:20:29.870Z

Link: CVE-2025-60122

Vulnrichment

Updated: 2025-09-26T13:11:29.049Z

NVD

Status: Deferred

Published: 2025-09-26T09:15:39.380

Modified: 2026-04-23T15:34:15.660

Link: CVE-2025-60122

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T00:15:23Z

Weaknesses