CVE-2025-30592: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability in westerndeal Advanced Dewplayer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Advanced Dewplayer versions through 1.6. The vulnerability was discovered and disclosed on March 24, 2025, and has been assigned a CVSS v3.1 base score of 5.3 (Medium) (Patchstack).

The vulnerability is classified as CWE-862 (Missing Authorization) and involves broken access control issues in the Advanced Dewplayer WordPress plugin. The CVSS v3.1 vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating that the vulnerability can be exploited over the network, requires low attack complexity, and needs no privileges or user interaction (Patchstack).

The vulnerability allows unauthorized access to certain functions due to missing authorization checks. The impact is primarily limited to confidentiality breaches, with no direct impact on integrity or availability of the system (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects Advanced Dewplayer through version 1.6, and users are advised to implement additional access controls or consider alternative solutions (Patchstack).