CVE-2025-30619: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability affects SpeakPipe plugin versions through 0.2. The vulnerability was discovered and reported by Nguyen Xuan Chien on March 15, 2025, and was officially published on March 24, 2025. The issue has been assigned CVE-2025-30619 and received a CVSS v3.1 base score of 5.4 (Medium) (Patchstack).

The vulnerability is classified as Cross-Site Request Forgery (CWE-352) with a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L. The vulnerability requires user interaction but can be exploited without authentication. The technical assessment indicates low complexity for exploitation with network-based attack vectors (Patchstack).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is considered low severity with potential for limited integrity and availability compromise (Patchstack).

Currently, there is no official fix available for this vulnerability. The issue affects SpeakPipe versions through 0.2, and no patched version has been released (Patchstack).