CVE-2025-49970
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49970 is a Broken Access Control vulnerability in the WordPress Hello FSE Blog theme (up to version 1.0.6) caused by missing authorization, authentication, or nonce token checks in certain functions. This flaw allows users with low-level privileges (Subscriber-level) to perform actions that should be restricted to higher privileged users, due to incorrectly configured access control security levels. [1]
How can this vulnerability impact me? :
This vulnerability can allow unprivileged users to perform unauthorized actions on a website using the affected theme, potentially leading to unauthorized changes or misuse of site functions. Since the theme is likely abandoned with no official fix, the risk remains unless the theme is removed or a virtual patch is applied. Deactivating the theme alone does not eliminate the risk. If exploited, it may require professional incident response as plugin-based malware scanners may not reliably detect compromises. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves missing authorization checks in the Hello FSE Blog WordPress theme up to version 1.0.6, allowing Subscriber-level users to perform higher privileged actions. Detection is challenging because plugin-based malware scanners may be unreliable. There are no specific commands provided for detection. It is recommended to review user privilege actions and monitor for unauthorized access attempts related to the theme's functions. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the Hello FSE Blog theme rather than just deactivating it, as deactivation alone does not eliminate the risk. Applying a virtual patch (vPatch) from Patchstack can provide rapid protection in absence of an official fix. Users should also consider professional incident response if compromise is suspected. [1]