Specific Content For Mobile < 0.5.4 – Missing Authorization | CVE 2025-30874 | Plugin Vulnerabilities

Description

The Specific Content For Mobile – Customize the mobile version without redirections plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.5.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to perform an unauthorized action.

Affects Plugins

specific-content-for-mobile

Fixed in 0.5.4

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/58b48d86-9b88-468b-878d-1fabd3c3d778

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Peter Thaleikis

Verified

No

WPVDB ID

9579242d-9ad4-4cca-aafa-c5d4ff08bd93

Timeline

Publicly Published

2025-03-27 (about 1 year ago)

Added

2025-04-02 (about 1 year ago)

Last Updated

2025-04-02 (about 1 year ago)

Other

Published

Title

Published

2026-02-11

Title

Exzo <= 1.2.4 - Missing Authorization

Published

2025-01-23

Title

Jobify - Job Board WordPress Theme < 4.2.8 - Missing Authorization to Unauthenticated Server-Side Request Forgery, Arbitrary Image Upload, and Image Generation

Published

2025-02-27

Title

Cardealer < 1.6.5 - Arbitrary Theme Option Update to Authenticated (Subscriber+) Privilege Escalation

Published

2025-11-20

Title

Payment Gateway bKash for WC <= 3.1.0 - Missing Authorization

Published

2025-06-02

Title

Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin < 6.5.0 - Missing Authorization