{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25384", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:53:07.230Z", "datePublished": "2026-02-19T08:27:01.252Z", "dateUpdated": "2026-04-28T16:14:57.339Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-lister-for-ebay", "product": "WP-Lister Lite for eBay", "vendor": "WP Lab", "versions": [{"changes": [{"at": "3.8.6", "status": "unaffected"}], "lessThanOrEqual": "3.8.5", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Bao - BlueRock | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:05.684Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.</p>"}], "value": "Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:57.339Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-lister-for-ebay/vulnerability/wordpress-wp-lister-lite-for-ebay-plugin-3-8-5-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T19:32:52.057632Z", "id": "CVE-2026-25384", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T13:10:14.243Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25384", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T19:32:52.057632Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T19:31:54.819Z"}}], "cna": {"title": "WordPress WP-Lister Lite for eBay plugin <= 3.8.5 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Bao - BlueRock | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WP Lab", "product": "WP-Lister Lite for eBay", "versions": [{"status": "affected", "changes": [{"at": "3.8.6", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "3.8.5"}], "packageName": "wp-lister-for-ebay", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:05:05.684Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wp-lister-for-ebay/vulnerability/wordpress-wp-lister-lite-for-ebay-plugin-3-8-5-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:57.339Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25384", "state": "PUBLISHED", "dateUpdated": "2026-04-28T16:14:57.339Z", "dateReserved": "2026-02-02T12:53:07.230Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:27:01.252Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in WP Lab WP-Lister Lite for eBay wp-lister-for-ebay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Lister Lite for eBay: from n/a through <= 3.8.5."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en WP Lab WP-Lister Lite for eBay wp-lister-for-ebay permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP-Lister Lite for eBay: desde n/a hasta &lt;= 3.8.5."}], "id": "CVE-2026-25384", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:20.397", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wp-lister-for-ebay/vulnerability/wordpress-wp-lister-lite-for-ebay-plugin-3-8-5-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.8.5]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "WP-Lister Lite for eBay", "source": "cna", "vendor": "WP Lab"}, "product": "wp-lister_lite_for_ebay", "vendor": "wplab"}], "analysis": {"en": {"generated_at": "2026-04-16T00:22:34.773139+00:00", "value": {"mitigation_remediation": ["Upgrade the WP\u2011Lister Lite for eBay plugin to the latest available version (3.9.0 or later).", "If an update is not immediately possible, disable or uninstall the plugin to eliminate the exposed attack surface.", "Restrict the plugin\u2019s access to administrators by configuring role capabilities or applying a least\u2011privilege policy with a security plugin."], "summary": {"action": "Patch immediately", "impact": "Unauthorized privileged access"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the WP Lab WP\u2011Lister Lite for eBay plugin installed, with versions up to and including 3.8.5. Any WordPress installation using those plugin versions is potentially affected.", "description_and_impact": "The vulnerability is a missing authorization issue that allows attackers to access WP\u2011Lister Lite for eBay plugin functionality without the required user permissions. This can lead to unauthorized management of eBay listings, potential manipulation of product data, or other privileged actions that could compromise the confidentiality or integrity of the site\u2019s content. The weakness is described by CWE\u2011862.", "risk_and_exploitability": "The vulnerability scores a 5.3 on the CVSS, indicating medium severity, while the EPSS score of less than 1% shows a very low likelihood of exploitation at present. It is not listed in the CISA KEV catalog, so no publicly known exploits have been reported. Based on the description, the likely attack vector is a web\u2011based compromise through the plugin\u2019s administrative interface, where an attacker could exploit the incorrectly configured access control to elevate privileges or perform unauthorized actions."}}}}, "created": "2026-02-20T10:08:39.564862+00:00", "updated": "2026-04-16T00:30:18.858542+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wplab", "wplab$PRODUCT$wp-lister_lite_for_ebay"]}