CVE-2025-49970

{"id": "CVE-2025-49970", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2025-06-20T15:15:22.113", "references": [{"url": "https://patchstack.com/database/wordpress/theme/hello-fse-blog/vulnerability/wordpress-hello-fse-blog-theme-1-0-6-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hello FSE Blog: from n/a through 1.0.6."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en sparklewpthemes Hello FSE Blog permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al blog Hello FSE desde la versi\u00f3n n/d hasta la 1.0.6."}], "lastModified": "2025-06-23T20:16:40.143", "sourceIdentifier": "audit@patchstack.com"}