CVE-2025-29005
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-29005 is a Cross Site Request Forgery (CSRF) vulnerability in the WordPress HR Management Lite plugin up to version 3.3. It allows a malicious actor to trick authenticated users with higher privileges into executing unwanted actions on the site without their consent, potentially compromising site integrity. Exploitation does not require authentication, but the impact is considered low. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your HR Management Lite plugin if you are an authenticated user with higher privileges. This could lead to compromised site integrity. However, the severity is low and exploitation is unlikely to be widespread. Users are advised to use virtual patching and seek professional incident response if compromise is suspected. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring for suspicious or unauthorized actions performed by authenticated users, as exploitation tricks privileged users into executing unwanted actions. Since no specific detection commands are provided, it is recommended to perform server-side malware scanning and professional incident response if compromise is suspected. Network detection might include monitoring for unusual HTTP requests that could trigger CSRF attacks, but no exact commands are specified. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack to automatically protect against this vulnerability in the absence of an official fix. Additionally, users should implement security best practices such as limiting user privileges, enabling CSRF protections if possible, and monitoring for suspicious activity. Seeking professional incident response and conducting server-side malware scanning is also advised if compromise is suspected. [1]