Access Control Vulnerability in Z Companion Plugin by WordPress
CVE-2025-30817
5.4MEDIUM
What is CVE-2025-30817?
A missing authorization vulnerability within the Z Companion Plugin can lead to improperly configured access control levels, potentially enabling unauthorized access to sensitive resources. This issue particularly affects versions up to 1.0.13 of the Z Companion Plugin, emphasizing the importance of regular updates to mitigate security risks.
Affected Version(s)
Z Companion <= 1.0.13
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)