CVE-2025-30797: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-30797) was discovered in the WordPress plugin Greek Multi Tool – Fix peralinks, accents, auto create menus and more, affecting versions through 2.3.1. The vulnerability was reported on February 22, 2025, by Trương Hữu Phúc and published on March 27, 2025 (Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue that allows exploiting incorrectly configured access control security levels. It received a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it is network-accessible, requires low attack complexity, and needs no privileges or user interaction to exploit (NVD).

The vulnerability is considered highly dangerous and is expected to become mass exploited. As a broken access control issue, it could allow unprivileged users to execute higher privileged actions, potentially compromising the security of affected WordPress installations (Patchstack).

Users are advised to update to version 2.3.2 or later to resolve the vulnerability. For immediate protection, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).