CVE-2025-30980
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Simple Keyword to Link WordPress plugin (versions up to 1.5). It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising site security. The vulnerability requires no authentication to exploit and is classified under OWASP Top 10 category A1: Broken Access Control. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can cause privileged users to unknowingly execute actions that could alter site behavior or settings, potentially compromising the security or integrity of the website. However, the severity is considered low with a CVSS score of 4.3, and it is unlikely to be widely exploited. There is no official patch yet, but virtual patching is available as a mitigation. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or patched version is currently available for this vulnerability, immediate mitigation can be achieved by applying virtual patching (vPatch) offered by Patchstack, which provides automatic protection against the vulnerability. Additionally, users should remain vigilant, restrict access to higher privileged users, and consider other protective measures to reduce risk. [1]