CVE-2025-30932: 
WordPress vulnerability analysis and mitigation

Missing Authorization vulnerability was discovered in WP Compress for MainWP plugin version 6.30.32 and earlier, identified as CVE-2025-30932. The vulnerability was disclosed on June 5, 2025, and allows exploiting incorrectly configured access control security levels. This security issue affects the WordPress plugin WP Compress for MainWP through version 6.30.32 (Patchstack, NVD).

The vulnerability is classified as a Missing Authorization (CWE-862) issue with a CVSS v3.1 Base Score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L. The vulnerability requires a low privilege level (Subscriber) to exploit and is characterized as a broken access control issue, where there is a missing authorization, authentication, or nonce token check in a function (Patchstack).

The vulnerability could allow an unprivileged user to execute certain higher privileged actions due to broken access control mechanisms. The CVSS scoring indicates potential impacts on integrity and availability are both rated as Low, while there is no impact on confidentiality (Patchstack).

As of the vulnerability disclosure, no official fix is available for this security issue. Given the low severity impact, virtual patching (vPatch) has been deemed unnecessary (Patchstack).