CVE-2025-30932
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30932 is a Broken Access Control vulnerability in the WordPress plugin WP Compress for MainWP (versions up to 6.30.32). It occurs because of missing authorization, authentication, or nonce token checks in certain plugin functions. This allows users with low privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. It is classified under OWASP Top 10 category A1: Broken Access Control and has a low severity rating with a CVSS score of 5.4. [1]
How can this vulnerability impact me? :
This vulnerability can allow unprivileged users to perform actions reserved for higher-privileged users within the WP Compress for MainWP plugin. This could lead to unauthorized changes or operations on the website, potentially compromising the site's integrity or functionality. However, the vulnerability is considered low severity and unlikely to be exploited in practice. No official patch is available yet, but virtual patching is provided as a mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from missing authorization checks allowing Subscriber-level users to perform higher-privileged actions. Detection involves monitoring for unauthorized access attempts or privilege escalations related to the WP Compress for MainWP plugin. Since no official patch or specific detection commands are provided, it is recommended to perform professional incident response and server-side malware scanning to identify potential exploitation. Plugin-based malware scanners are not reliable due to possible tampering. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying Patchstack's virtual patching (vPatching) technology, which auto-mitigates the vulnerability even without an official fix. Additionally, it is advised to monitor for suspicious activity, restrict Subscriber-level privileges where possible, and prepare for professional incident response if compromise is suspected. Since no official patch is available as of the publication date, relying on virtual patching and security best practices is essential. [1]