What the vulnerability does
01Description
Missing Authorization vulnerability in WP Compress WP Compress for MainWP wp-compress-mainwp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress for MainWP: from n/a through <= 6.30.32.
Explanation of Vulnerability in Simple Terms
02Summary
WP Compress for MainWP versions up to 6.30.32 lack proper authorization checks, allowing authenticated users with low privileges to modify or disable site functionality. An attacker with a basic user account can alter compression settings or trigger availability issues without proper permission validation. Update to a version newer than 6.30.32 to restore access controls.
What an attacker can do
03Attacker Capabilities
Modify compression settings or cause service disruption with a low-privilege user account.
Potential impact on your site
04Site Impact
Unauthorized users can degrade site performance or disable compression features, affecting page load times and user experience.
Conditions required to exploit
05Prerequisites
Attacker needs a valid low-privilege user account on the MainWP site; no special interaction required.
Key dates
06Disclosure timeline
June 6, 2025
CVE published
April 28, 2026
Record updated