CVE-2025-49975
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress JobWP plugin up to version 2.4.0. It allows a malicious actor to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent, potentially compromising the site's integrity. The attacker does not need any privileges to exploit this vulnerability. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to cause privileged users to unknowingly execute unwanted actions on your WordPress site using the JobWP plugin. This can lead to compromised site integrity, unauthorized changes, or other malicious activities. Although the severity is considered low and exploitation is unlikely to be widespread, it still poses a risk to site security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands provided for this vulnerability. Since it is a Cross Site Request Forgery (CSRF) vulnerability in the JobWP WordPress plugin up to version 2.4.0, detection typically involves monitoring for unusual or unauthorized actions performed by authenticated users. Users are advised to monitor their systems for suspicious activity related to the JobWP plugin. No direct network or system commands for detection are mentioned. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which provides automatic protection without an official patch. Since no official fixed version is available, users should implement protective measures such as restricting access to the plugin, monitoring user actions, and applying virtual patches to reduce risk. It is also recommended to keep an eye on updates from the plugin developer or security advisories for future patches. [1]