CVE-2025-30624
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30624 is a Broken Access Control vulnerability in the WordPress WordLift plugin up to version 3.54.4. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which may allow users with only Subscriber-level privileges to perform actions that should be restricted to higher-privileged users. This vulnerability is categorized under OWASP Top 10 A1: Broken Access Control and has a low severity rating with a CVSS score of 4.3. [1]
How can this vulnerability impact me? :
This vulnerability could allow low-privileged users (Subscribers) to perform unauthorized actions within the WordLift plugin, potentially leading to unauthorized changes or misuse of plugin functionality. Although the risk is considered low and exploitation unlikely, if exploited, it could compromise the integrity of the plugin's operations. There is currently no official patch, but virtual patching is recommended as a mitigation strategy. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves missing authorization checks in the WordLift plugin allowing Subscriber-level users to perform higher-privileged actions. Detection would involve monitoring for unauthorized actions performed by Subscriber-level accounts within WordPress, especially actions normally restricted to higher privilege roles. Since no specific detection commands or signatures are provided, it is recommended to audit WordPress logs for unusual privilege escalations or unauthorized access attempts related to the WordLift plugin. No explicit commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing virtual patching (vPatching) to auto-mitigate the vulnerability since no official patch is available. Additionally, restrict Subscriber-level privileges where possible, monitor for suspicious activity, and seek professional incident response if compromise is suspected. Users should also consider disabling or removing the WordLift plugin until a fix is released. [1]