Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for WP Genealogy – Your Family History Website by Black and White

    CVE-2025-32252 (GCVE-0-2025-32252)

    Vulnerability from nvd – Published: 2025-04-04 15:59 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress WP Genealogy plugin <= 0.1.9 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Black and White WP Genealogy – Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Genealogy – Your Family History Website: from n/a through <= 0.1.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:38
    Credits
    Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T18:57:23.110457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T18:57:30.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpgenealogy",
              "product": "WP Genealogy \u2013 Your Family History Website",
              "vendor": "Black and White",
              "versions": [
                {
                  "lessThanOrEqual": "0.1.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:38:41.633Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Black and White WP Genealogy \u2013 Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Genealogy \u2013 Your Family History Website: from n/a through \u003c= 0.1.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Black and White WP Genealogy \u2013 Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Genealogy \u2013 Your Family History Website: from n/a through \u003c= 0.1.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:19.979Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpgenealogy/vulnerability/wordpress-wp-genealogy-plugin-0-1-9-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WP Genealogy plugin \u003c= 0.1.9 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-32252",
        "datePublished": "2025-04-04T15:59:26.942Z",
        "dateReserved": "2025-04-04T10:02:14.480Z",
        "dateUpdated": "2026-04-28T16:12:19.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-32252 (GCVE-0-2025-32252)

    Vulnerability from cvelistv5 – Published: 2025-04-04 15:59 – Updated: 2026-04-28 16:12
    VLAI
    Title
    WordPress WP Genealogy plugin <= 0.1.9 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in Black and White WP Genealogy – Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Genealogy – Your Family History Website: from n/a through <= 0.1.9.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2026-04-01 16:38
    Credits
    Trương Hữu Phúc (truonghuuphuc) | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-32252",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T18:57:23.110457Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T18:57:30.730Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "wpgenealogy",
              "product": "WP Genealogy \u2013 Your Family History Website",
              "vendor": "Black and White",
              "versions": [
                {
                  "lessThanOrEqual": "0.1.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Tr\u01b0\u01a1ng H\u1eefu Ph\u00fac (truonghuuphuc) | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-01T16:38:41.633Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in Black and White WP Genealogy \u2013 Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects WP Genealogy \u2013 Your Family History Website: from n/a through \u003c= 0.1.9.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in Black and White WP Genealogy \u2013 Your Family History Website wpgenealogy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Genealogy \u2013 Your Family History Website: from n/a through \u003c= 0.1.9."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:12:19.979Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/wpgenealogy/vulnerability/wordpress-wp-genealogy-plugin-0-1-9-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress WP Genealogy plugin \u003c= 0.1.9 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2025-32252",
        "datePublished": "2025-04-04T15:59:26.942Z",
        "dateReserved": "2025-04-04T10:02:14.480Z",
        "dateUpdated": "2026-04-28T16:12:19.979Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }