CVE-2025-22730: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in Ksher plugin versions up to 1.1.2, identified as CVE-2025-22730. The vulnerability allows exploiting incorrectly configured access control security levels. The issue was discovered on January 15, 2025, and affects the Ksher WordPress plugin through version 1.1.2 (Patchstack).

The vulnerability is classified as a broken access control issue, which refers to a missing authorization, authentication, or nonce token check in a function that could allow an unprivileged user to execute certain higher privileged actions. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L (Patchstack).

The vulnerability is considered moderately dangerous and is expected to become exploited. It could allow unauthorized users to perform actions that should be restricted to users with higher privileges (Patchstack).

Users are advised to update to version 1.1.3 or later to resolve the vulnerability. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking any attacks until the update to a fixed version can be completed (Patchstack).