CVE 6.5 MEDIUM

WordPress Login Page Customizer – Customizer Login Page, Admin Page, Custom Design plugin <= 2.1.1 - Broken Access Control vulnerability_CVE-2025-49902

December 18, 2025 invoker category_cve
6.5 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Description

Missing Authorization vulnerability in A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design customizer-login-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Page Customizer – Customizer Login Page, Admin Page, Custom Design: from n/a through <= 2.1.1.

Basic Information

ID CVE-2025-49902
Source Patchstack
Published Dec 18, 2025 at 07:21
Modified Dec 18, 2025 at 19:39

Affected Product

Vendor A WP Life
Product Login Page Customizer – Customizer Login Page, Admin Page, Custom Design
Version n/a
Affected Versions A WP Life Login Page Customizer – Customizer Login Page, Admin Page, Custom Design n/a

CWE Classification

CWE-862

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.