CVE-2025-30803: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-30803) was discovered in Greg Ross's Just Writing Statistics WordPress plugin affecting versions through 5.3. The vulnerability was reported by Trương Hữu Phúc on February 21, 2025, and was publicly disclosed on March 27, 2025 (Patchstack).

The vulnerability is classified as a Missing Authorization issue (CWE-862) that allows exploiting incorrectly configured access control security levels. The CVSS v3.1 base score is 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The vulnerability requires subscriber-level privileges to exploit (Patchstack, NVD).

The vulnerability is categorized as a broken access control issue, which could potentially allow an unprivileged user to execute certain higher privileged actions. The severity is considered low, with limited impact on the integrity of the system (Patchstack).

The vulnerability has been fixed in version 5.4 of the Just Writing Statistics plugin. Users are recommended to update to version 5.4 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).