CVE-2025-53217

Published Feb 20, 2026

Last updated 2 months ago

CVSS high 7.6

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-53217 is identified as a Missing Authorization vulnerability affecting the WordPress AIO WP Builder plugin, specifically in versions up to and including 2.0.2. This flaw is categorized as a Broken Access Control vulnerability. The vulnerability allows for the exploitation of incorrectly configured access control security levels within the plugin.

Description
Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AIO WP Builder: from n/a through <= 2.0.2.
Source
audit@patchstack.com
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.6
Impact score
4.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Severity
HIGH

Weaknesses

audit@patchstack.com
CWE-862

Social media

Hype score
Not currently trending

  1. CVE-2025-53217 Missing Authorization vulnerability in staviravn AIO WP Builder all-in-one-wp-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This iss… https://t.co/JvUOyciolf

    @CVEnew

    22 Feb 2026

    1190 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.