CVE-2025-47472

{"id": "CVE-2025-47472", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2025-05-07T15:16:01.567", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/music-player-for-woocommerce/vulnerability/wordpress-music-player-for-woocommerce-1-5-1-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in codepeople Music Player for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Music Player for WooCommerce: from n/a through 1.5.1."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en codepeople Music Player for WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al reproductor de m\u00fasica para WooCommerce desde la versi\u00f3n n/d hasta la 1.5.1."}], "lastModified": "2025-05-08T14:39:18.800", "sourceIdentifier": "audit@patchstack.com"}