CVE-2025-47561
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47561 is a privilege escalation vulnerability in the WordPress MapSVG plugin, affecting versions up to and including 8.5.34. An attacker who already holds a low-privileged Contributor account can use it to raise their own access rights, potentially gaining full control of the affected site. The root cause is an incorrect privilege assignment (CWE-266), and the page classifies it under OWASP Top 10 A7: Identification and Authentication Failures. At the time of writing there is no official fix from the vendor, but Patchstack provides a virtual patch that blocks exploitation attempts. [1]
How can this vulnerability impact me?
If exploited, an attacker with a Contributor account can escalate to a higher role and take full control of the WordPress site: editing or publishing content, installing plugins or themes that carry malicious code, reading stored data, creating further privileged accounts, or disrupting the site. With a CVSS score of 8.8 (High), the only precondition is an authenticated low-privileged user, which on sites with open registration is trivially obtained, so it should be mitigated immediately. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively impact compliance with standards like GDPR and HIPAA because unauthorized privilege escalation may lead to unauthorized access to sensitive personal or protected health information. Such breaches can result in data exposure or loss, violating data protection requirements and potentially leading to legal and financial penalties. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with confirming whether the site runs MapSVG version 8.5.34 or earlier: check the Plugins screen, or the Version: line in the plugin's main PHP file header, and compare versions numerically rather than as strings (8.5.4 sorts after 8.5.34 when compared lexically). Because the flaw lets a Contributor raise their own privileges, also look for the symptom of successful exploitation: accounts whose role has changed, unexpected new Administrator or Editor users, and admin-area requests from accounts that should not have them. WordPress stores roles as capabilities in the usermeta table (meta key wp_capabilities, with the site's table prefix), so comparing that data against a known-good baseline is a practical check. Patchstack recommends server-side malware scanning or professional incident response for suspected compromises, since plugin-based malware scanners can be tampered with by an attacker who already has administrative access. The cited resources give no specific commands. [1]
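The two checks described above, worked through as an added example (this is not code from BaseFortify, Patchstack, or the MapSVG authors): a numeric version comparison against 8.5.34 read from the plugin file header, and a role-drift comparison between a saved baseline of user roles and the current roles, in the record shape that `wp user list --format=json` produces. The plugin directory path wp-content/plugins/mapsvg and the sample header and user records are constructed assumptions, not values taken from the page.

```python
"""Detection helpers for CVE-2025-47561 (MapSVG <= 8.5.34).

Added example for this page; not code from BaseFortify, Patchstack or the
MapSVG authors.  Assumptions not stated on the page: the plugin lives in
wp-content/plugins/mapsvg, and role ranking follows the default WordPress
role hierarchy.  All sample data below is constructed.
"""
import os
import re
import sys
from typing import Dict, List, Optional, Tuple

VULNERABLE_MAX = "8.5.34"  # highest affected version named in the advisory

# Default WordPress roles ranked by privilege; custom roles are unknown (-1).
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

# "Version:" line of a WordPress plugin file header, e.g. " * Version: 8.5.34"
HEADER_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9A-Za-z.\-]*)\s*$",
                       re.MULTILINE)


def parse_version(version: str) -> Tuple[int, ...]:
    """'8.5.34' -> (8, 5, 34); a non-numeric suffix such as '-beta' is dropped."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True when version <= 8.5.34.  Tuple comparison avoids the string
    comparison trap where '8.5.4' > '8.5.34' lexicographically."""
    return parse_version(version) <= parse_version(VULNERABLE_MAX)


def version_from_plugin_header(text: str) -> Optional[str]:
    """Extract the Version: value from a plugin file header, or None."""
    m = HEADER_RE.search(text)
    return m.group(1) if m else None


def plugin_dir_version(plugin_dir: str) -> Optional[str]:
    """Version from the first top-level .php file carrying a Version: line."""
    if not os.path.isdir(plugin_dir):
        return None
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".php"):
            continue
        path = os.path.join(plugin_dir, name)
        with open(path, encoding="utf-8", errors="replace") as fh:
            found = version_from_plugin_header(fh.read(8192))  # header is at the top
        if found:
            return found
    return None


def _roles(record: dict) -> List[str]:
    """`wp user list --format=json` gives roles as a comma-separated string."""
    return [r.strip() for r in str(record.get("roles", "")).split(",") if r.strip()]


def highest_rank(roles: List[str]) -> int:
    return max((ROLE_RANK.get(r, -1) for r in roles), default=-1)


def role_drift(baseline: List[dict], current: List[dict]) -> List[Dict[str, object]]:
    """Accounts whose highest role rose since the baseline, plus new accounts
    created above Contributor: the post-exploitation symptom of this CVE."""
    before = {str(u["ID"]): u for u in baseline}
    findings: List[Dict[str, object]] = []
    for u in current:
        uid = str(u["ID"])
        now = highest_rank(_roles(u))
        if uid in before:
            was = highest_rank(_roles(before[uid]))
            if now > was:
                findings.append({"user": u["user_login"], "from": _roles(before[uid]),
                                 "to": _roles(u), "reason": "role elevated"})
        elif now > ROLE_RANK["contributor"]:
            findings.append({"user": u["user_login"], "from": [],
                             "to": _roles(u), "reason": "new privileged account"})
    return findings


# Constructed sample data (not real site data).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: MapSVG\n * Version: 8.5.34\n */\n"
BASELINE = [{"ID": 1, "user_login": "admin", "roles": "administrator"},
            {"ID": 7, "user_login": "writer", "roles": "contributor"}]
CURRENT = [{"ID": 1, "user_login": "admin", "roles": "administrator"},
           {"ID": 7, "user_login": "writer", "roles": "administrator"},
           {"ID": 9, "user_login": "helper", "roles": "editor"}]

if __name__ == "__main__":
    # Pass the plugin directory as argv[1]; otherwise the constructed header is used.
    plugin_dir = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins/mapsvg"
    ver = plugin_dir_version(plugin_dir) or version_from_plugin_header(SAMPLE_HEADER)
    print(f"MapSVG {ver}: {'VULNERABLE' if is_vulnerable_version(ver) else 'not affected'}")
    for finding in role_drift(BASELINE, CURRENT):
        print("role drift:", finding)
```

To use the role-drift check on a live site, save `wp user list --format=json` once as the baseline and re-run it on a schedule; any "role elevated" finding for an account that was not changed by an administrator warrants treating the site as compromised rather than merely vulnerable.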
What immediate steps should I take to mitigate this vulnerability?
Apply the virtual patch (vPatch) released by Patchstack, which blocks attack attempts server-side until an official fix is available; at the time of writing there is no fixed version of the plugin. If a vPatch cannot be deployed, deactivating the plugin until a fix ships removes the exposure. Because the attack requires an authenticated Contributor, review who holds that role (and whether open registration grants it), and remove accounts that do not need it. Keep monitoring for suspicious activity, in particular role changes and new privileged accounts, and engage professional incident response if compromise is suspected. [1]