CVE-2025-30851: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was identified in the Tickera WordPress plugin affecting versions up to 3.5.5.2. The vulnerability was discovered by Peter Thaleikis and publicly disclosed on March 27, 2025. This security issue is classified as a broken access control vulnerability that could allow unprivileged users to execute higher privileged actions (Patchstack).

The vulnerability has been assigned CVE-2025-30851 and received a CVSS v3.1 score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The issue is categorized under CWE-862 (Missing Authorization) and represents a broken access control vulnerability that stems from incorrectly configured access control security levels (NVD).

The vulnerability allows for broken access control, which could potentially enable subscribers or unprivileged users to perform actions that should be restricted to users with higher privileges. The CVSS score of 4.3 indicates a relatively low severity impact (Patchstack).

The vulnerability has been fixed in version 3.5.5.3 of the Tickera plugin. Users are advised to update to this version or later to remove the vulnerability. The issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).