Security issue: Missing Authorization/Broken Access Control (CVE-2025-32213) | WordPress.org

Ronny Adsetts
(@ronnyadsetts)

1 year ago

Wordfence alerted me to a reported security issue where authorization is not performed. This was initially reported via Patchstack as far as I can tell:

https://patchstack.com/database/wordpress/plugin/flo-forms/vulnerability/wordpress-flo-forms-plugin-1-0-43-broken-access-control-vulnerability

That page notes “This vulnerability is moderately dangerous and expected to become exploited.”.

Initially reported on 20 Nov 2024, published on Patchstack 09 Apr 2025.

Would it be possible to get a fix published? Failing that, could the plugin author “claim” the plugin on Patchstack and get the details of the issue? That way, those of us still using the plugin for whatever reason and write a fix ourselves.

Thanks.

The topic ‘Security issue: Missing Authorization/Broken Access Control (CVE-2025-32213)’ is closed to new replies.

0 replies
1 participant
Last reply from: Ronny Adsetts
Last activity: 1 year ago
Status: not resolved