CVE-2025-49077
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress Dynamic Pricing and Discount Rules plugin up to version 2.2.9. It allows an attacker to trick authenticated users with higher privileges into performing unauthorized actions on the site without their consent, potentially compromising site integrity. The vulnerability requires no authentication to exploit and is classified under OWASP Top 10 A1: Broken Access Control. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your WordPress site if a privileged user is tricked into performing them. This could lead to compromised site integrity, such as unintended changes to pricing or discount rules. Although the risk is considered low and exploitation is unlikely to be widespread, it is recommended to update the plugin to version 2.3.0 or later to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves checking the version of the WordPress Dynamic Pricing and Discount Rules plugin installed on your system. If the plugin version is 2.2.9 or earlier, it is vulnerable. You can detect the plugin version by running commands such as 'wp plugin list' if you have WP-CLI installed, or by inspecting the plugin files directly in the WordPress admin dashboard or filesystem. There are no specific network commands provided to detect exploitation attempts for this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the WordPress Dynamic Pricing and Discount Rules plugin to version 2.3.0 or later, where the vulnerability is fixed. Additionally, Patchstack offers virtual patching (vPatching) that can provide immediate protection before applying the official update. Applying such virtual patches can help reduce risk while planning the update. [1]