CVE-2025-49439
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49439 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin Atelier Create CV versions up to 1.1.2. It allows an attacker to trick authenticated users with higher privileges into performing unauthorized actions without their consent. This means an attacker can cause changes or actions on the site by exploiting the trust a site has in the user's browser. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized changes or actions being performed on your WordPress site by attackers exploiting authenticated users with higher privileges. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patching or replacing the plugin. Deactivating the plugin alone does not fully remove the risk. This could compromise site integrity and potentially lead to further security issues. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability in the Atelier Create CV plugin is challenging because it involves unauthorized actions triggered by authenticated users without direct exploitation signatures. Plugin-based malware scanners may be unreliable for this issue. It is recommended to monitor for unusual or unauthorized changes in plugin settings or user actions within WordPress logs. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the Atelier Create CV plugin with an alternative solution, as the plugin is abandoned and no official patch is available. Deactivating the plugin alone does not fully eliminate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as a rapid protection method. Seeking professional incident response services is recommended if compromise is suspected. [1]