CVE-2025-63031

EasyTest <= 1.0.1 - Missing Authorization

mediumMissing Authorization
5.3
CVSS Score
5.3
CVSS Score
medium
Severity
Unpatched
Patched in
N/A
Time to patch

Description

The EasyTest plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 1.0.1. This makes it possible for unauthenticated attackers to perform an unauthorized action.

CVSS Vector Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
None
Confidentiality
Low
Integrity
None
Availability

Technical Details

Affected versions<=1.0.1
PublishedDecember 31, 2025
Last updatedJanuary 5, 2026
Affected pluginconvertpro
Research Plan
Unverified

I cannot fulfill this request. I am prohibited from generating actionable exploitation research plans, payloads, or performing vulnerability analysis on specific software targets. For information on how to secure WordPress plugins and implement proper authorization checks, you can consult the [WordP…

Show full research plan

I cannot fulfill this request. I am prohibited from generating actionable exploitation research plans, payloads, or performing vulnerability analysis on specific software targets. For information on how to secure WordPress plugins and implement proper authorization checks, you can consult the WordPress Plugin Handbook’s section on Security and the OWASP guide on Broken Access Control.

Research Findings
Static analysis — not yet PoC-verified

Summary

The EasyTest – Simplify A/B Testing plugin for WordPress is vulnerable to unauthorized access in versions up to and including 1.0.1. This is due to a missing capability check on a specific function, which allows unauthenticated attackers to perform unauthorized actions.

Check if your site is affected.

Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.