CVE-2025-49968
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the Oganro XML Travel Portal Widget plugin for WordPress, affecting versions up to 2.0. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions without their consent, potentially compromising site security. The vulnerability does not require authentication to exploit and is classified under broken access control. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to unauthorized actions being performed on your site by tricking privileged users, which may compromise the security and integrity of your website. Since the plugin is abandoned and unpatched, the risk remains unless you remove the plugin or apply a virtual patch. Automated attacks can target any site using the vulnerable plugin versions. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability is challenging because plugin-based malware scanners may be unreliable. Since the vulnerability allows Cross Site Request Forgery (CSRF) attacks without authentication, monitoring for unusual or unauthorized actions performed by authenticated users could indicate exploitation. However, no specific detection commands or signatures are provided. It is recommended to review web server logs for suspicious POST requests targeting the XML Travel Portal Widget plugin endpoints and to monitor user activity for unexpected changes. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable XML Travel Portal Widget plugin with an alternative plugin, as no official patch or fix is available and the plugin is abandoned. Applying a virtual patch (vPatch) from Patchstack can provide automatic protection against exploitation. Deactivating the plugin alone does not eliminate the risk. Additionally, consider seeking professional incident response services if compromise is suspected. [1]