CVE-2025-30934
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30934 is a Broken Access Control vulnerability in the WordPress 診断ジェネレータ作成プラグイン (Diagnostic Generator Creation Plugin) versions up to 1.4.16. It occurs because certain plugin functions lack proper authorization, authentication, or nonce token checks, allowing unauthenticated users to perform actions that normally require higher privileges. This means attackers can access or use functionality they should not be able to, due to missing access restrictions. [1]
How can this vulnerability impact me? :
This vulnerability allows unauthenticated users to escalate privileges and perform restricted actions within the affected plugin. Although it has a low severity score (5.3) and is considered unlikely to be widely exploited, if successfully attacked, it could lead to unauthorized changes or misuse of the plugin's functionality. There is no official patch available yet, but mitigations like Patchstack's virtual patching can reduce risk. If compromised, professional incident response and server-side malware scanning are recommended. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for unauthorized access attempts to the affected plugin's functions that lack proper authorization checks. Since the vulnerability allows unauthenticated users to perform privileged actions, monitoring web server logs for suspicious requests targeting the 診断ジェネレータ作成プラグイン endpoints is recommended. Additionally, professional incident response and server-side malware scanning are advised, as plugin-based malware scanners may be unreliable. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching solutions provided by Patchstack to block exploitation attempts, monitoring for suspicious activity, and performing professional incident response and server-side malware scanning if compromise is suspected. Since no official patch or fixed version is available as of the publication date, relying on virtual patching and enhanced monitoring is recommended. [1]