CVE-2025-23969
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the KI Live Video Conferences WordPress plugin (up to version 5.5.15) allows unauthenticated attackers to access sensitive system information that should normally be restricted. It is classified as a Sensitive Data Exposure issue under OWASP Top 10 category A1: Broken Access Control. Essentially, attackers can retrieve embedded sensitive data without needing to log in or have permissions. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive information, which may enable attackers to exploit other weaknesses in the system. Although the severity is rated as low (CVSS 5.3) and exploitation is considered unlikely, the exposure of sensitive data can compromise system security and privacy. There is currently no official patch, so users should monitor for updates and consider mitigation strategies like virtual patching or server-side malware scanning if compromise is suspected. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized access attempts to the KI Live Video Conferences plugin endpoints, especially those that do not require authentication but expose sensitive data. Since no official detection commands are provided, users are advised to perform server-side malware scanning if compromise is suspected and to monitor network traffic for unusual requests targeting the plugin. Specific commands are not detailed in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) on the server to block unauthorized access to the vulnerable plugin endpoints, monitoring for suspicious activity, and performing server-side malware scans if compromise is suspected. Users should also stay alert for updates or official patches from the plugin developers, although no official fix is currently available. [1]