CVE-2025-49510
BaseFortify
Publication date: 2025-06-10
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress plugin 'Min Max Step Quantity Limits Manager for WooCommerce' up to version 5.1.0. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising site integrity. The vulnerability requires no authentication to exploit and is classified under OWASP Top 10 A1: Broken Access Control. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your WooCommerce site through privileged users, potentially leading to compromised site integrity. However, the impact is considered low severity with a CVSS score of 4.3, and the likelihood of exploitation is low. It is recommended to update the plugin to version 5.1.1 or later to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be done by identifying if the WordPress site is running the vulnerable plugin version (up to 5.1.0). You can check the installed plugin version via the WordPress admin dashboard or by running commands on the server such as: `wp plugin list` (using WP-CLI) to see the version of 'Min Max Step Quantity Limits Manager for WooCommerce'. There are no specific network commands provided to detect exploitation attempts. Monitoring for unusual POST requests that could indicate CSRF attempts may help, but no explicit commands are given. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the 'Min Max Step Quantity Limits Manager for WooCommerce' plugin to version 5.1.1 or later, where the vulnerability is fixed. Additionally, Patchstack offers a virtual patching (vPatch) solution that can auto-mitigate the vulnerability before applying the official patch. Applying this virtual patch can provide immediate protection. Since the vulnerability requires no authentication to exploit, updating or applying the virtual patch is critical. [1]