CVE-2025-14446 is a vulnerability classified under CWE-862 (Missing Authorization) found in the Popup Builder (Easy Notify Lite) WordPress plugin developed by ghozylab. The flaw exists in the easynotify_cp_reset() function, which lacks proper capability checks to verify if the user has sufficient privileges before allowing a reset of the plugin’s settings to their default state. This missing authorization allows any authenticated user with at least Subscriber-level access to invoke this function and reset plugin configurations without administrative approval. Since WordPress Subscriber roles are typically assigned to low-privilege users, this vulnerability significantly lowers the barrier for exploitation. The vulnerability affects all versions up to and including 1.1.37 of the plugin. The CVSS v3.1 base score is 6.5, reflecting a medium severity level, with the vector indicating network attack vector, low attack complexity, no privileges required beyond authentication, no user interaction, and impacts on integrity and availability but not confidentiality. Exploiting this vulnerability could disrupt website operations by resetting critical plugin settings, potentially disabling notifications or altering user experience. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. Organizations using this plugin should monitor for updates and consider immediate mitigation steps.

For European organizations, this vulnerability poses a risk primarily to the integrity and availability of WordPress sites using the Popup Builder plugin. Unauthorized resetting of plugin settings can lead to loss of customized configurations, disabling of important notification features, or unintended exposure to further security risks if default settings are less secure. This could disrupt business operations, marketing campaigns, or user engagement efforts relying on popup notifications. Although the vulnerability does not directly expose confidential data, the potential for service disruption and integrity compromise can affect customer trust and operational continuity. Since the exploit requires only low-level authenticated access, attackers could leverage compromised or low-privilege accounts to cause damage. Organizations with public-facing WordPress sites or those relying heavily on popup notifications for user interaction are particularly vulnerable. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure.

European organizations should take the following specific steps to mitigate this vulnerability: 1) Immediately review user roles and permissions in WordPress to ensure that Subscriber-level accounts are limited and monitored, reducing the risk of unauthorized access. 2) Restrict or disable the Popup Builder plugin if it is not essential, or replace it with alternative plugins that have verified security. 3) Implement web application firewalls (WAFs) with rules to detect and block unauthorized attempts to invoke the easynotify_cp_reset() function or similar plugin reset actions. 4) Monitor WordPress logs for unusual activity related to plugin settings changes, especially from low-privilege accounts. 5) Engage with the plugin vendor or community to obtain patches or updates as soon as they become available; if none exist, consider applying custom authorization checks or disabling the vulnerable function via code modifications. 6) Educate site administrators and users about the risks of low-privilege account compromise and enforce strong authentication mechanisms, including multi-factor authentication where possible. 7) Regularly back up WordPress site configurations and plugin settings to enable rapid restoration if unauthorized resets occur.