CVE-2025-30978
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-30978 is a Broken Access Control vulnerability in the WordPress plugin 'Slack Notifications by dorzki' up to version 2.0.7. It involves missing authorization or security checks that could allow a user with low privileges (Subscriber-level) to perform actions that should be restricted to higher privileged users. This means unauthorized users might exploit the plugin to execute certain functions without proper permission. [1]
How can this vulnerability impact me? :
This vulnerability could allow an unprivileged user to perform actions reserved for higher privileged users within the plugin, potentially leading to unauthorized changes or operations. However, the impact is considered low severity with a CVSS score of 4.3, and exploitation is unlikely. There is no official fix yet, so users are advised to use virtual patching solutions and seek professional help if they suspect compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unauthorized actions performed by users with Subscriber-level privileges that should require higher privileges. Since this is a broken access control vulnerability in the Slack Notifications by dorzki WordPress plugin, you can audit WordPress logs for suspicious activity or unauthorized access attempts related to the plugin's functions. Specific commands are not provided in the resources, but general approaches include reviewing web server logs, WordPress activity logs, and using security plugins to detect privilege escalation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack to protect against exploitation in the absence of an official plugin update. Additionally, restrict Subscriber-level user capabilities where possible, monitor for suspicious activity, and seek professional incident response if compromise is suspected. Since no official fix is available as of the publication date, relying on Patchstack's virtual patching is recommended. [1]