CVE-2025-49284
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49284 is a Cross Site Request Forgery (CSRF) vulnerability in the WordPress plugin "WP Maintenance Mode & Site Under Construction" versions up to 4.3. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising site security. The vulnerability requires no authentication to exploit and is classified under OWASP Top 10 A1: Broken Access Control. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute unauthorized actions on your WordPress site if a privileged user is tricked into performing them. Although the risk is considered low and exploitation is unlikely, it can lead to compromised site security and unintended changes or disruptions. Updating the plugin to version 4.4 or later is recommended to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress plugin "WP Maintenance Mode & Site Under Construction" is installed and running a version up to 4.3. There are no specific network commands provided to detect exploitation attempts. You can check the plugin version via WordPress admin dashboard or by inspecting the plugin files. No direct commands for network or system detection are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the "WP Maintenance Mode & Site Under Construction" plugin to version 4.4 or later, where the vulnerability is fixed. Additionally, Patchstack offers virtual patching (vPatching) as an immediate protective measure that auto-mitigates the vulnerability even before official patches are released. Applying such virtual patches can provide temporary protection until the plugin is updated. [1]