CVE-2025-48140
BaseFortify
Publication date: 2025-06-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48140 is a critical Remote Code Execution (RCE) vulnerability in the MetalpriceAPI WordPress plugin versions up to 1.1.4. It allows a malicious actor with at least contributor-level privileges to execute arbitrary commands on the target website, potentially gaining backdoor access and full control over the site. This vulnerability is caused by improper control of code generation, classified as a code injection issue. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including allowing attackers to execute arbitrary code remotely on your website, leading to full site compromise. Attackers could gain backdoor access, manipulate site content, steal data, or use the site for malicious purposes. Because exploitation is automated and opportunistic, unpatched sites are at high risk. Recovery may require professional incident response and server-side malware scanning. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for unusual or unauthorized execution of commands on the WordPress site using the MetalpriceAPI plugin version 1.1.4 or earlier. Since the vulnerability allows remote code execution, checking web server logs for suspicious requests targeting the plugin endpoints is recommended. Additionally, scanning for signs of backdoor access or unexpected processes may help. However, plugin-based malware scanners may be unreliable due to tampering. It is advised to contact hosting providers for server-side malware scanning. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block attacks until you can update. The most effective mitigation is to update the MetalpriceAPI plugin to version 1.1.5 or later, which contains the fix. Enabling the auto-update feature for the plugin can ensure rapid protection. If compromise is suspected, contact your hosting provider for professional incident response and server-side malware scanning. [1]