Description
Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3.
Published: 2025-12-18
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a missing authorization check in the GetResponse Email marketing for WordPress plugin that allows an attacker to bypass normal access controls. By exploiting this flaw, an attacker could read or write data that should be restricted, potentially accessing user leads or other sensitive information. This flaw is categorized as CWE‑862, which indicates improper authorization.

Affected Systems

The plugin GetResponse Email marketing for WordPress by GetResponse Official is vulnerable in all releases up to and including version 1.5.3. Any WordPress site that has the plugin installed within this version range is affected, regardless of the WordPress core version.

Risk and Exploitability

The CVSS base score of 6.5 reflects a moderate level of severity. The EPSS score of less than 1 percent indicates a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is over a web interface where the attacker can send crafted requests to plugin endpoints. Since no authentication prerequisite is mentioned, the flaw could potentially be leveraged by unauthenticated users to gain unauthorized access, but the exact conditions are not detailed in the description.

Generated by OpenCVE AI on April 29, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the GetResponse Email marketing for WordPress plugin to version 1.5.4 or later when it becomes available.
  • If an immediate update is not possible, temporarily disable or delete the plugin to prevent attackers from exploiting the missing authorization check.
  • Review user role assignments and ensure only administrators have access to the plugin’s administrative interfaces, reinforcing proper authorization controls.


Advisories

No advisories yet.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}
Values Added: cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Sun, 21 Dec 2025 21:30:00 +0000

Type: First Time appeared
Values Added:
  Getresponse
  Getresponse getresponse
  Wordpress
  Wordpress wordpress

Type: Vendors & Products
Values Added:
  Getresponse
  Getresponse getresponse
  Wordpress
  Wordpress wordpress

Thu, 18 Dec 2025 17:15:00 +0000

Type: Metrics
Values Added:
  cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}
  ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 18 Dec 2025 07:45:00 +0000

Type: Description
Values Added: Missing Authorization vulnerability in GetResponse Email marketing for WordPress by GetResponse Official getresponse-official allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Email marketing for WordPress by GetResponse Official: from n/a through <= 1.5.3.

Type: Title
Values Added: WordPress Email marketing for WordPress by GetResponse Official plugin <= 1.5.3 - Broken Access Control vulnerability

Type: Weaknesses
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:14:13.322Z

Reserved: 2025-10-29T03:08:27.752Z

Link: CVE-2025-64273

Vulnrichment

Updated: 2025-12-18T16:37:16.946Z

NVD

Status: Deferred

Published: 2025-12-18T08:16:13.743

Modified: 2026-04-27T16:16:39.417

Link: CVE-2025-64273

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T19:00:06Z

Weaknesses