CVE-2025-30825: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability was discovered in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce plugin affecting versions through 1.3.5. The vulnerability was disclosed on April 1, 2025, and assigned CVE-2025-30825 (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue is classified as CWE-862: Missing Authorization, which could allow privilege escalation in the WordPress plugin (NVD).

This vulnerability allows authenticated attackers with Contributor-level access to escalate their privileges, potentially gaining administrative access to the affected WordPress installation. A successful exploit could lead to complete compromise of the website if administrative privileges are obtained (Patchstack).

The vulnerability has been fixed in version 1.3.6 of the plugin. Users are advised to update to this version or later immediately. For users unable to update immediately, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks (Patchstack).