CVE-2025-30945: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability was discovered in the Taskbuilder WordPress plugin affecting versions through 4.0.3. The vulnerability was disclosed on June 5, 2025, and assigned CVE-2025-30945. The issue allows accessing functionality not properly constrained by Access Control Lists (ACLs) (Patchstack, NVD).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 5.3 (Medium). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) and no user interaction (UI:N). The scope is unchanged (S:U) with low confidentiality impact (C:L), no integrity impact (I:N), and no availability impact (A:N) (Patchstack).

The vulnerability allows unauthenticated users to execute certain higher privileged actions due to missing authorization checks. While classified as low priority, it could potentially lead to unauthorized access to restricted functionality (Patchstack).

As of the disclosure date, no official fix is available for this vulnerability. The issue affects Taskbuilder versions through 4.0.3 (Patchstack).