CVE-2025-30927: 
WordPress vulnerability analysis and mitigation

The Wordapp WordPress plugin version 1.7.0 and below contains a Missing Authorization vulnerability (CVE-2025-30927) that was discovered and disclosed on June 5, 2025. The vulnerability allows attackers to exploit incorrectly configured access control security levels (NVD, Patchstack).

The vulnerability is classified as a Missing Authorization (CWE-862) issue with a CVSS v3.1 Base Score of 4.3 (Medium). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N, indicating that the vulnerability can be exploited over the network, requires low attack complexity, needs low privileges, requires no user interaction, has unchanged scope, and can result in low confidentiality impact (NVD).

The vulnerability allows unauthorized access due to broken access control, which could enable an unprivileged user to execute certain higher privileged actions. The specific impact varies case by case, but primarily affects the confidentiality of the system (Patchstack).

No official fix is available for this vulnerability as the software appears to be abandoned, having not received updates for over a year. The recommended mitigation is to remove and replace the Wordapp plugin with an alternative solution (Patchstack).