Vulnerabilities > CVE-2025-28874 - Authorization Bypass Through User-Controlled Key vulnerability in Shanebp BP Email Assign Templates

CVSS 4.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

shanebp

CWE-639

NVD

Published: 2025-03-11

Updated: 2025-04-09

Summary

Authorization Bypass Through User-Controlled Key vulnerability in shanebp BP Email Assign Templates allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BP Email Assign Templates: from n/a through 1.6.

Vulnerable Configurations

Part	Description	Count
Application	Shanebp Shanebp BP Email Assign Templates *	1

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://patchstack.com/database/wordpress/plugin/bp-email-assign-templates/vulnerability/wordpress-bp-email-assign-templates-by-shanebp-plugin-1-6-arbitrary-content-deletion-vulnerability?_s_id=cve