CVE-2025-6275531.12.2025, 16:15Unauthenticated Broken Access Control in GS Portfolio for Envato <= 1.4.2 versions.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.3 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NPatchstackCNA5.3 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NCISA-ADPADP------Base ScoreCVSS 3.xEPSS ScorePercentile: UnknownCommon Weakness EnumerationCWE-862 - Missing AuthorizationThe software does not perform an authorization check when an actor attempts to access a resource or perform an action.Referenceshttps://vdp.patchstack.com/database/wordpress/plugin/gs-envato-portfolio/vulnerability/wordpress-gs-portfolio-for-envato-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve