CVE-2025-23974
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a high-severity privilege escalation issue in the WordPress One-Login plugin, affecting versions up to and including 1.4. An unauthenticated attacker can escalate their privileges and potentially gain full control of the affected website. The root cause is incorrect privilege assignment (CWE-266), a form of broken access control. [1]
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker to gain full control over your website, leading to potential data breaches, unauthorized changes, and complete compromise of the site. Since the plugin is abandoned and no official fix is available, the risk of mass exploitation is high. Simply deactivating the plugin does not remove the risk; mitigation requires applying a virtual patch or replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with checking whether the One-Login plugin at version 1.4 or earlier is installed. The referenced resources do not provide specific commands, but WP-CLI can list installed plugins and their versions with `wp plugin list`, which shows whether One-Login 1.4 or earlier is present. Because the flaw allows unauthenticated privilege escalation, also monitor for unexpected privilege changes (for example, newly created or promoted administrator accounts) and review web server logs for unusual requests to the One-Login plugin's endpoints. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the high-priority virtual patch (vPatch) issued by Patchstack, which blocks attacks until an official fix is available. Because the plugin appears abandoned and no official fix exists, replacing or removing the One-Login plugin entirely is the safest approach; simply deactivating it does not remove the risk. If your site has already been compromised, professional incident response is recommended. [1]
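The following POSIX shell helpers are an added example supporting the detection advice above (listing the plugin version with WP-CLI and scanning web server logs) and the post-compromise check implied by the mitigation advice (looking for administrator accounts created after the disclosure date). It is not code from the page, from Patchstack or from the plugin. It assumes the plugin's WordPress slug and directory are `one-login` (not stated on the page), that `wp plugin list --format=csv` emits the columns `name,status,update,version`, that `wp user list --fields=ID,user_login,user_registered --format=csv` emits those three columns, that `sort -V` (GNU coreutils) is available, and that the access log is in combined format. The WP-CLI output and log lines embedded below are constructed sample data.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin). Assumptions:
#   - plugin slug / directory: "one-login"  (not confirmed by the page)
#   - `wp plugin list --format=csv` columns: name,status,update,version
#   - `wp user list --fields=ID,user_login,user_registered --format=csv`
#   - GNU `sort -V` for version ordering

# Return success (0) when VERSION is in the affected range (<= 1.4).
# sort -V orders version strings numerically, so if VERSION sorts at or
# before 1.4, it is the first line of the sorted pair.
is_affected_version() {
    ver="$1"
    first=$(printf '%s\n%s\n' "$ver" "1.4" | sort -V | head -n 1)
    [ "$first" = "$ver" ]
}

# Read `wp plugin list --format=csv` output on stdin and print one line
# ("AFFECTED <name> <version> (<status>)") if One-Login is in range.
check_plugin_list() {
    awk -F, -v slug="one-login" 'NR > 1 && $1 == slug { print $1, $4, $2 }' |
    while read -r name ver status; do
        if is_affected_version "$ver"; then
            echo "AFFECTED $name $ver ($status)"
        fi
    done
}

# Count access-log lines (stdin) that touch the plugin directory.
# Prints the count; exit status is always 0 (grep -c returns 1 on zero hits).
count_plugin_requests() {
    grep -c -F '/wp-content/plugins/one-login/' || true
}

# Read admin-user CSV on stdin and print "login registered" for accounts
# registered on or after CUTOFF (ISO date/time strings compare lexically).
list_new_admins() {
    cutoff="$1"
    awk -F, -v cutoff="$cutoff" 'NR > 1 && $3 >= cutoff { print $2, $3 }'
}

# --- constructed sample data (not real output) ---------------------------
SAMPLE_PLUGINS='name,status,update,version
one-login,active,none,1.4
akismet,inactive,none,5.3'

SAMPLE_LOG='203.0.113.5 - - [09/Jun/2025:10:00:01 +0000] "GET /wp-content/plugins/one-login/readme.txt HTTP/1.1" 200 1834
198.51.100.7 - - [09/Jun/2025:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 5120
203.0.113.5 - - [09/Jun/2025:10:00:03 +0000] "POST /wp-content/plugins/one-login/ HTTP/1.1" 200 64'

SAMPLE_ADMINS='ID,user_login,user_registered
1,siteowner,2021-03-02 08:15:00
17,wpadmin2,2025-06-10 03:41:27'

# Demonstration on the constructed data.
printf '%s\n' "$SAMPLE_PLUGINS" | check_plugin_list
echo "requests to plugin dir: $(printf '%s\n' "$SAMPLE_LOG" | count_plugin_requests)"
echo "admins registered since disclosure:"
printf '%s\n' "$SAMPLE_ADMINS" | list_new_admins '2025-06-09'

# Live check, only when WP-CLI is present on this host (run from the site root).
if command -v wp >/dev/null 2>&1; then
    wp plugin list --format=csv 2>/dev/null | check_plugin_list
    wp user list --role=administrator --fields=ID,user_login,user_registered \
        --format=csv 2>/dev/null | list_new_admins '2025-06-09'
fi
```

The version comparison deliberately uses `sort -V` rather than string comparison so that 1.10 is not mistaken for an affected release. A new administrator appearing after the disclosure date is not proof of exploitation, but it is the first thing to check, since a privilege escalation of this kind typically ends with an attacker-controlled admin account.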