CVE-2025-46257
BaseFortify
Publication date: 2025-06-05
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Element Pack Pro Plugin versions before 8.0.0. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising site security. The vulnerability requires no authentication to be exploited and is related to broken access control. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unwanted actions on your WordPress site through authenticated users with higher privileges. This can lead to unauthorized changes or actions being performed, potentially compromising the security and integrity of your site. Although the severity is low, it still poses a risk to site security if not addressed. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, update the BdThemes Element Pack Pro plugin to version 8.0.0 or later, where the issue is fixed. As an immediate protective measure before updating, you can use Patchstack's virtual patching (vPatching) service, which auto-mitigates the vulnerability even before official patches are applied. [1]