CVE-2025-31774: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-31774) was discovered in WebProtect.ai Astra Security Suite versions through 0.2. The vulnerability was reported by security researcher Dhabaleshwar Das on December 24, 2024, and was publicly disclosed on April 1, 2025 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) that stems from missing authorization checks. It received a CVSS v3.1 Base Score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, indicating it can be exploited remotely with low attack complexity and requires no privileges or user interaction (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to incorrectly configured access control security levels. The impact is considered low severity, though it could potentially lead to unauthorized access to protected functionality (Patchstack).

No official fix is available for this vulnerability. The recommended mitigation is to remove and replace the software with an alternative solution, as the Astra Security Suite appears to be abandoned and is unlikely to receive further updates or security fixes (Patchstack).