CVE-2025-48139
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48139 is a Broken Access Control vulnerability in the WordPress StyleAI plugin (up to version 1.0.4) caused by missing authorization, authentication, or nonce token checks in certain plugin functions. This allows unauthenticated users to perform actions that normally require higher privileges, effectively enabling unauthorized access or actions without needing to log in. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to access or perform actions within the StyleAI plugin that should be restricted, potentially leading to unauthorized changes or data exposure. Since no authentication is required, attackers can exploit this remotely, increasing the risk of compromise. The impact depends on the context but generally involves unauthorized access and manipulation of plugin functionality. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific commands provided to detect this vulnerability on your network or system. Users are advised to seek professional incident response services if their websites have been compromised, as plugin-based malware scanners may be unreliable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the virtual patch (vPatch) released by Patchstack, which blocks attack attempts until an official patch is available. Users should apply this virtual patch promptly to protect affected sites. [1]