CVE-2025-49511
BaseFortify
Publication date: 2025-06-10
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49511 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Civi Framework plugin versions up to 2.1.6. It allows attackers to trick authenticated users with higher privileges into executing unwanted actions without their consent, such as deactivating users or making unauthorized changes. This happens because the plugin does not properly verify the legitimacy of requests, enabling attackers to exploit this flaw remotely without needing authentication. [1]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized actions being performed by privileged users without their knowledge, such as user deactivation or other changes that could disrupt the normal operation of the system. Since it can be exploited remotely and without authentication, it poses a risk of automated attacks targeting all vulnerable sites indiscriminately. The impact includes potential service disruption and unauthorized modifications, which could affect the integrity and availability of the affected system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the version of the Civi Framework WordPress plugin installed on your system. If the plugin version is up to and including 2.1.6, it is vulnerable. You can detect the plugin version by running commands such as 'wp plugin list' if you have WP-CLI installed, which will show the installed plugins and their versions. Additionally, monitoring for unusual user deactivation actions or unauthorized changes triggered without user intent may indicate exploitation attempts. There are no specific network commands provided for direct detection of this CSRF vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate steps to mitigate this vulnerability are to update the Civi Framework WordPress plugin to version 2.1.6.4 or later, where the vulnerability is fixed. If updating immediately is not possible, applying Patchstack's virtual patching (vPatching) can provide rapid protection against exploitation. Additionally, monitoring for suspicious activity and seeking professional incident response or server-side malware scanning in case of compromise is recommended. [1]