CVE-2025-30981
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress WP-Recall plugin (versions up to 16.26.14). It allows an attacker to trick authenticated users with higher privileges into performing unauthorized actions, which can lead to privilege escalation. Essentially, an attacker can exploit this flaw to gain higher access rights by making a privileged user unknowingly execute malicious requests. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to escalate their privileges by causing a higher privileged user to perform unauthorized actions. This could lead to unauthorized changes, data manipulation, or other malicious activities within the affected WordPress site. Although the risk is considered low and exploitation is unlikely, the impact includes potential loss of confidentiality, integrity, and availability of the system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands provided for this vulnerability. Users are advised to monitor for suspicious activity involving unauthorized actions executed by higher privileged users, as the exploit involves tricking authenticated users via CSRF. Since no official patch or detection signatures are available, monitoring logs for unusual privilege escalations or unexpected requests to the WP-Recall plugin may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which provides automatic protection against this vulnerability even without an official fix. Additionally, users should monitor for updates from the plugin developer and consider professional incident response if compromise is suspected. Limiting user privileges and educating users about CSRF risks can also help reduce exposure. [1]