CVE-2025-48147
Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-06-09

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2.
Meta Information
Published: 2025-06-09
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2025-06-09
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Currently, no data is known.
CWE ID: CWE-862
Description: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-48147 is a Missing Authorization vulnerability in the CryptoCloud - Crypto Payment Gateway WordPress plugin up to version 2.1.2. It is a Broken Access Control issue where certain functions lack proper authorization, authentication, or nonce token checks. This allows unauthenticated users to perform actions that should be restricted to higher privileged users, making the vulnerability moderately dangerous and exploitable. [1]


How can this vulnerability impact me?

This vulnerability can allow unauthorized users to perform privileged actions within the CryptoCloud payment gateway plugin, potentially leading to unauthorized manipulation of payment processes or other sensitive operations. Since the plugin is abandoned with no available fix or virtual patch, the risk remains unless the plugin is removed and replaced. If exploited, it could lead to security breaches and compromise of the affected system. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if the CryptoCloud - Crypto Payment Gateway plugin version is up to and including 2.1.2 on your WordPress installation. Since the issue involves missing authorization checks allowing unauthenticated users to perform privileged actions, monitoring for unusual or unauthorized access attempts to plugin endpoints could help. However, no specific detection commands or tools are provided. It is recommended to perform professional incident response and server-side malware scanning if compromise is suspected, as plugin-based malware scanners may be unreliable. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to remove and replace the CryptoCloud - Crypto Payment Gateway plugin, as no official fix or updated version is available and no virtual patch can be applied. Deactivating the plugin alone does not eliminate the security risk. Users should seek professional incident response and conduct server-side malware scanning if compromise is suspected. [1]
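
The version check described under detection can be run against the filesystem, which also catches copies that are deactivated but still installed. The Python script below is an added example, not part of the original page or the plugin's code; it assumes the default `wp-content/plugins/<slug>` layout and a standard WordPress `Version:` header in the plugin's main file.

```python
import re
import sys
from pathlib import Path

# Slug and version bound come from the CVE description ("through <= 2.1.2").
PLUGIN_SLUG = "cryptocloud-crypto-payment-gateway"
LAST_AFFECTED = (2, 1, 2)
# Same shape as the header line WordPress reads: optional comment chars, then "Version:".
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)


def version_tuple(text):
    """'2.1.2' -> (2, 1, 2); trailing zeros dropped so '2.1.2.0' equals '2.1.2'."""
    nums = [int(n) for n in re.findall(r"\d+", text)]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def read_plugin_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if not found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress only inspects the first 8 KiB of a file for plugin headers.
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        if "Plugin Name:" in head:
            match = VERSION_RE.search(head)
            return match.group(1) if match else None
    return None


def check_site(wp_root):
    """Report whether the plugin is on disk under wp_root and in the affected range."""
    # Assumption: default layout; sites that relocate wp-content need the path adjusted.
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return {"present": False, "version": None, "affected": False}
    version = read_plugin_version(plugin_dir)
    # An unreadable version is reported as affected: presence on disk is the risk.
    affected = version is None or version_tuple(version) <= LAST_AFFECTED
    return {"present": True, "version": version, "affected": affected}


if __name__ == "__main__":
    for root in sys.argv[1:]:
        result = check_site(root)
        state = "AFFECTED" if result["affected"] else "not affected"
        print(f"{root}: present={result['present']} version={result['version']} {state}")
```

Pass one or more WordPress root directories as arguments; each is reported on its own line.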

