CVE-2025-66072
WordPress UsersWP plugin <= 1.2.47 - Broken Access Control vulnerabilityMissing Authorization vulnerability in Stiofan UsersWP userswp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UsersWP: from n/a through <= 1.2.47.
We have discovered 1,264 live websites that are affected by CVE-2025-66072.
Affected Software
| Product |  Userswp |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,264 live websites (37% of Userswp install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 80 versions ( 87% of all versions) |
Details
- Published - Nov 21, 2025
- Updated - Apr 1, 2026
Credits
- Legion Hunter | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-66072 United States | 425 websites |
 Germany | 119 websites |
 Italy | 93 websites |
 GB | 79 websites |
 France | 53 websites |
 Spain | 38 websites |
 Russia | 37 websites |
 Australia | 33 websites |
 Poland | 30 websites |
 India | 28 websites |
Website Distribution by TLD
Number of websites using CVE-2025-66072| .com | 504 websites |
| .org | 110 websites |
| .it | 63 websites |
| .de | 57 websites |
| .co.uk | 42 websites |
| .net | 40 websites |
| .ru | 30 websites |
| .pl | 25 websites |
| .fr | 22 websites |
| .com.au | 21 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-66072
Top websites that are affected by CVE-2025-66072. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *,*** | |
| *********.com | United States | **,*** | |
| ********.com | United States | ***,*** | |
| **.today | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| *****.org | United States | ***,*** | |
| ******.org | Germany | ***,*** | |
| **********.org | United States | ***,*** | |
| ******.com |  Cyprus | ***,*** |