CVE-2025-22592

High

Published: 07 January 2025

Modified: 23 April 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0023 (46.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Description

Missing Authorization vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects 1003 Mortgage Application: from n/a through <= 1.87.

Security Summary

CVE-2025-22592 is a missing authorization vulnerability, classified under CWE-862, in the 1003 Mortgage Application WordPress plugin developed by 8blocks. The flaw allows attackers to access functionality not properly constrained by access control lists (ACLs). It affects the plugin from unknown initial versions through 1.87 inclusive.

The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating it can be exploited remotely by unauthenticated attackers with low complexity and no user interaction. Exploitation enables high-impact confidentiality violations, such as unauthorized access to sensitive data within the plugin's functionality.

Patchstack has documented the issue in its vulnerability database for the WordPress 1003 Mortgage Application plugin version 1.87, available at https://patchstack.com/database/Wordpress/Plugin/1003-mortgage-application/vulnerability/wordpress-1003-mortgage-application-plugin-1-87-broken-access-control-vulnerability-2?_s_id=cve. Security practitioners should review this advisory for recommended mitigation steps.

Details

CWE(s)
CWE-862