CVE-2025-49272
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49272 is a Broken Access Control vulnerability in the WordPress Trinity Audio plugin (up to version 5.20.0). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unauthenticated users to perform actions that normally require higher privileges. This means attackers can exploit incorrectly configured access control security levels to bypass restrictions. [1]
How can this vulnerability impact me? :
This vulnerability allows unauthenticated users to perform privileged actions within the Trinity Audio plugin, potentially leading to unauthorized changes or misuse of the plugin's features. Although the severity is considered low (CVSS 4.3) and it is unlikely to be widely exploited, it still poses a risk of unauthorized access and manipulation of plugin functionality if not patched. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying unauthorized access attempts or actions performed without proper authorization in the Trinity Audio WordPress plugin up to version 5.20.0. Since the vulnerability allows unauthenticated users to perform privileged actions due to missing authorization checks, monitoring web server logs for suspicious requests targeting Trinity Audio plugin endpoints may help. However, no specific detection commands or signatures are provided. Using web application firewalls or security plugins that can detect broken access control attempts may assist in detection. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Trinity Audio WordPress plugin to version 5.20.1 or later, where the vulnerability is fixed. If updating is not immediately possible, applying virtual patching (vPatching) offered by Patchstack can provide automatic protection against this vulnerability. Additionally, monitoring for suspicious activity and considering professional incident response services if compromise is suspected are recommended. [1]