CVE-2025-49996
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
The vulnerability allows unauthenticated users to access functionality that should be restricted, potentially leading to unauthorized actions on your WordPress site. Although the CVSS score indicates a low severity impact, exploitation could result in limited availability issues or unauthorized changes. There is no official patch yet, but virtual patching is available as a mitigation. [1]
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress WP Visitor Statistics (Real Time Traffic) plugin up to version 7.8. It occurs because certain functions lack proper authorization, authentication, or nonce token checks, allowing unauthenticated users to perform actions that should require higher privileges. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is available for this vulnerability, immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which automatically protects against this vulnerability. Additionally, monitoring for unauthorized access and seeking professional incident response if compromise is suspected are recommended. [1]