CVE-2025-47563
WordPress CURCY plugin <= 2.3.7 - Arbitrary Shortcode Execution vulnerabilityMissing Authorization vulnerability in villatheme CURCY allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CURCY: from n/a through 2.3.7.
We have discovered 2,546 live websites that are affected by CVE-2025-47563.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,546 live websites (87.85% of CURCY install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 64 versions ( 96.97% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - May 16, 2025
- Updated - May 16, 2025
Credits
- Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2025-47563 usage by Country
 United States | 1,170 websites |
 Turkey | 196 websites |
 Germany | 190 websites |
 Cyprus | 151 websites |
 GB | 126 websites |
 France | 88 websites |
 Poland | 70 websites |
 Canada | 39 websites |
 South Africa | 32 websites |
 Denmark | 32 websites |
CVE-2025-47563 usage by TLD
| .com | 1,627 websites |
| .net | 57 websites |
| .co.uk | 53 websites |
| .de | 53 websites |
| .es | 46 websites |
| .org | 46 websites |
| .it | 37 websites |
| .pl | 31 websites |
| .eu | 27 websites |
| .ca | 23 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-47563
Top websites that are affected by CVE-2025-47563. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****************.com | Denmark | **,*** | |
| ********.com | Germany | ***,*** | |
| ************.*****.com | United States | ***,*** | |
| *****.org | Germany | ***,*** | |
| ***********.net | United States | ***,*** | |
| *****.com | United States | ***,*** | |
| ***************.com | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| *********.*********.com | United States | ***,*** | |
| ****************.ca | United States | ***,*** |
FAQ
CVE-2025-47563 is Missing Authorization in CURCY
A total of 2,546 websites have been identified as vulnerable to CVE-2025-47563, based on global website indexing conducted by WebTechSurvey.
The CURCY is affected by the CVE-2025-47563 vulnerability.
CURCY versions up to and including 2.3.7 are vulnerable to CVE-2025-47563.