Primary

Context

Code for Recovery 12 Step Meeting List Missing Authorization Vulnerability Allowing Arbitrary Content Deletion

Vulnerability

Patched

A missing authorization vulnerability has been identified in the Code for Recovery 12 Step Meeting List WordPress plugin, affecting versions through 3.16.5. This vulnerability allows exploitation of improperly configured access control security levels, leading to arbitrary content deletion. As a result, malicious actors could potentially remove posts, pages, or media from affected websites.

Impact

Exploitation of this vulnerability could result in the unauthorized deletion of content from a WordPress site, including posts, pages, or media files.

Remediation

Users of the Code for Recovery 12 Step Meeting List WordPress plugin should update to version 3.16.6 or later to address this vulnerability. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

0.6

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Code for Recovery 12 Step Meeting List Missing Authorization Vulnerability Allowing Arbitrary Content Deletion

Vulnerability

Impact

Remediation

Affected Products

Code for Recovery 12 Step Meeting List

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating