CVE-2025-30636
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-06

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Missing Authorization vulnerability in Ability, Inc Accessibility Suite online-accessibility allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accessibility Suite: from n/a through <= 4.19.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-06
Last Modified
2026-04-23
Generated
2026-05-07
AI Q&A
2025-06-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-30636
EUVD
EUVD-2025-17197
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-30636 is a Broken Access Control vulnerability in the WordPress Accessibility Suite plugin versions up to 4.19. It occurs because of missing authorization, authentication, or nonce token checks in certain functions, allowing users with low privileges (Subscriber-level) to perform actions meant for higher-privileged users. This flaw is categorized under OWASP Top 10 A1: Broken Access Control and has a low severity score of 5.4. [1]


How can this vulnerability impact me? :

This vulnerability can allow unprivileged users to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or disruptions within the WordPress site using the Accessibility Suite plugin. Although the severity is low and exploitation is considered unlikely, if exploited, it could lead to integrity and availability impacts on the affected system. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of CVE-2025-30636 involves identifying unauthorized actions performed by Subscriber-level users within the WordPress Accessibility Suite plugin (versions up to 4.19). Since the vulnerability arises from missing authorization checks, monitoring logs for privilege escalation attempts or unexpected changes by low-privileged users is recommended. However, plugin-based malware scanners may be unreliable for this vulnerability. No specific detection commands are provided. It is advised to seek professional incident response or hosting provider assistance for detection. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying Patchstack's virtual patching (vPatch) solution, which auto-mitigates the vulnerability without requiring an official patch. Since no official fix or patched version is available as of the publication date, virtual patching is the recommended approach. Additionally, monitoring for suspicious activity and seeking professional incident response or hosting provider assistance if compromise is suspected are advised. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart