Weak Authentication Vulnerability in AresIT WP Compress Plugin
CVE-2025-47479

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: WP Compress
Vendor: CVE Published:; 4 July 2025

What is CVE-2025-47479?

AresIT WP Compress contains a weak authentication vulnerability that can lead to authentication abuse. This issue affects versions from n/a through 6.30.30, potentially allowing unauthorized access and manipulation of user privileges. It is essential for users and administrators to take appropriate measures to protect their systems from exploitation.

Affected Version(s)

WP Compress <= 6.30.30

References

https://patchstack.com/database/wordpress/plugin/wp-compr...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2025
Vulnerability Reserved
May 7, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

WordPress

What is CVE-2025-47479?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit