CVE-2025-67579
WordPress User Extra Fields plugin <= 16.8 - Broken Access Control vulnerability
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
Missing Authorization vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Extra Fields: from n/a through <= 16.8.
| CWE | CWE-862 |
| Vendor | vanquish |
| Product | user extra fields |
| Published | Dec 9, 2025 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for vanquish user extra fields
Be the first to know when new medium vulnerabilities affecting vanquish user extra fields are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
vanquish / User Extra Fields
0 โค 16.8
References
Credits
Phat RiO | Patchstack Bug Bounty Program