VDB
CVE-2023-25446
CVE-2023-25446
PUBLISHED
CVSS 7.699999809265137 HIGH
Missing Authorization vulnerability in HappyFiles HappyFiles Pro happyfiles-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HappyFiles Pro: from n/a through 1.8.1.
EPSS 0.09% · 25.0th percentile
Risk Scores
CVSS 3.1
7.699999809265137
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.09%
25.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HappyFiles | HappyFiles Pro | n/a, n/a |
Exploit Intelligence
- CIRCL seen: CVE-2023-25446 (circl-sighting)
- CIRCL seen: CVE-2023-25446 (circl-sighting)
- https://vdp.patchstack.com/database/wordpress/plugin/happyfiles-pro/vulnerability/wordpress-happyfiles-pro-plugin-1-8-1-broken-access-control?_s_id=cve (circl)
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/happyfiles-pro/happyfiles-pro-181-missing-authorization-to-arbitrary-file-deletion (vulncheck)
- (vulncheck-reported-exploitation)
- (vulncheck-reported-exploitation)
- (vulncheck-reported-exploitation)
Timeline
- Apr 3, 2023 VulnCheck KEV Exploitation
- Dec 21, 2025 EPSS Score
- Dec 21, 2025 CVE Published
- Dec 21, 2025 PoC Published
- Dec 22, 2025 PoC Published
- Dec 25, 2025 EPSS Score
- Dec 29, 2025 EPSS Score
- Jan 1, 2026 EPSS Score
- Jan 5, 2026 EPSS Score
- Jan 9, 2026 EPSS Score
- Jan 13, 2026 EPSS Score
- Jan 17, 2026 EPSS Score