CVE-2025-28986
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Epicwin Plugin (up to version 1.5) that allows attackers to perform SQL Injection attacks. It works by tricking authenticated users, especially those with higher privileges, into executing unintended actions without their consent by exploiting their current authentication state. This can lead to unauthorized database manipulation. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to manipulate the database through SQL Injection by exploiting authenticated users' sessions. This can lead to data breaches, unauthorized data modification, and potential compromise of the affected website. Since the plugin is abandoned and unpatched, the risk remains high unless mitigated by virtual patching or replacement. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious CSRF attempts targeting the Epicwin Plugin, especially attempts that could lead to SQL Injection. Since the vulnerability exploits authenticated users, network monitoring for unusual POST requests to the plugin's endpoints may help. However, no specific detection commands are provided. It is recommended to perform server-side malware scanning and professional incident response if compromise is suspected, as plugin-based scanners may be unreliable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the Epicwin Plugin with an alternative solution, as no official patch is available and the plugin is abandoned. Deactivating the plugin alone is insufficient unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as an immediate protective measure that auto-mitigates the vulnerability. Rapid deployment of protection is critical due to the high severity and exploitability of the vulnerability. [1]