CVE-2025-52711
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress plugin 'Post and Page Builder by BoldGrid β Visual Drag and Drop Editor' up to version 1.27.8. It allows an attacker to trick authenticated users with higher privileges into executing unwanted actions on the site without their consent, potentially compromising site integrity. The vulnerability requires no authentication to exploit and is related to broken access control. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow attackers to perform unauthorized actions on your WordPress site by tricking privileged users into executing commands they did not intend. This can compromise the integrity of your site, potentially leading to unwanted changes or disruptions. However, the risk is considered low and exploitation is unlikely. It is recommended to update to version 1.27.9 or later to mitigate this issue. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves verifying the version of the Post and Page Builder by BoldGrid plugin installed on your WordPress site. You can check the plugin version via the WordPress admin dashboard or by running commands to inspect the plugin files. For example, using WP-CLI, you can run: `wp plugin list | grep post-and-page-builder` to see the installed version. If the version is 1.27.8 or earlier, the site is vulnerable. There are no specific network commands to detect CSRF exploits directly, but monitoring for unusual POST requests or actions performed without user intent may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Post and Page Builder by BoldGrid plugin to version 1.27.9 or later, where the issue is fixed. Additionally, applying virtual patching (vPatching) provided by Patchstack can serve as an interim protection method before official updates are applied. It is also recommended to follow best practices such as limiting user privileges and monitoring for suspicious activity. If a compromise is suspected, professional incident response is advised. [1]