PT-2025-26341 · WordPress · Create Custom Image Sizes+2

Ch4R0N · Published 2025-06-20 · Updated 2025-06-20 · CVE-2025-49973

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
GrandPlugins Image Sizes Controller versions 1.0.0 through 1.0.9
Create Custom Image Sizes versions 1.0.0 through 1.0.9
Disable Image Sizes versions 1.0.0 through 1.0.9
Description: The issue is a Missing Authorization vulnerability in GrandPlugins Image Sizes Controller, Create Custom Image Sizes, and Disable Image Sizes. It allows exploitation of incorrectly configured access control security levels.
Recommendations: For GrandPlugins Image Sizes Controller versions 1.0.0 through 1.0.9, consider restricting access to the Image Sizes Controller until a patch is available. For Create Custom Image Sizes versions 1.0.0 through 1.0.9, avoid using the custom image sizes feature in sensitive environments until the issue is resolved. For Disable Image Sizes versions 1.0.0 through 1.0.9, temporarily disable the Disable Image Sizes functionality to minimize the risk of exploitation. As a general mitigation measure, review and correct the access control security levels configuration to prevent unauthorized access.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-49973

Affected Products

Create Custom Image Sizes
Disable Image Sizes
Grandplugins Image Sizes Controller