Medium severity4.3NVD Advisory· Published Jun 6, 2025· Updated Apr 23, 2026No known patch

CVE-2025-30978

No known patch is available for this vulnerability.

The affected plugin has been removed from the WordPress.org directory (reason: Security Issue), and no patched version is being distributed through the official directory. If you have the affected software installed, you should uninstall or replace it rather than wait for an update.

CVE-2025-30978

Description

Missing Authorization vulnerability in Slack Notifications by dorzki plugin (≤2.0.7) allows attackers to exploit incorrectly configured access controls.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing Authorization vulnerability in Slack Notifications by dorzki plugin (≤2.0.7) allows attackers to exploit incorrectly configured access controls.

Vulnerability

The Slack Notifications by dorzki plugin (slug: dorzki-notifications-to-slack) for WordPress contains a Missing Authorization vulnerability [1]. Versions through 2.0.7 are affected. The issue arises from incorrectly configured access control security levels, allowing unauthorized exploitation.

Exploitation

An attacker with no special privileges can exploit the missing authorization check if the plugin is installed and active on a WordPress site. No authentication or user interaction is required beyond being able to send requests to the plugin's endpoints. The exact attack vector is not detailed in the available references, but the nature of the vulnerability indicates that direct network requests can trigger actions or access data meant to be restricted.

Impact

Successful exploitation could lead to unauthorized actions or information disclosure, depending on the specific endpoint exposed. The vulnerability is classified with a CVSS v3 score of 4.3 (Medium), indicating limited impact but potential for partial compromise. The plugin has been closed and removed from the WordPress.org plugin directory due to a security issue [1].

Mitigation

The plugin has been closed and removed from the official WordPress.org plugin directory as of May 1, 2025 [1]. No patched version is available through the official channel. Users should immediately uninstall the plugin from their WordPress sites [1]. There is no known workaround except complete removal. The plugin is not listed in the CISA KEV catalog at this time.

References

[CLOSED] Slack Notifications by dorzki

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Dorzki Notifications To Slackinferred2 versions
<=2.0.7+ 1 more
- (no CPE)range: <=2.0.7
- (no CPE)range: <=2.0.7
Package: https://wordpress.org/plugins/dorzki-notifications-to-slack

Patches

Plugin removedSlack Notifications by dorzkidorzki-notifications-to-slack

This plugin has been removed from the WordPress.org directory on 2025-05-01 (reason: Security Issue). No patched version is being distributed through the official directory. Users who have it installed should uninstall it.

Source: api.wordpress.org · directory page

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/dorzki-notifications-to-slack/vulnerability/wordpress-slack-notifications-by-dorzki-2-0-7-broken-access-control-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000