CVE-2025-52783
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress plugin "Change Cart button Colors WooCommerce" version 1.0 and earlier. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent. This can lead to stored Cross-Site Scripting (XSS) attacks, compromising the site's integrity. The vulnerability is categorized under OWASP Top 10 A1: Broken Access Control and can be exploited without authentication. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute unauthorized actions on your website through authenticated users, potentially leading to stored XSS attacks. This compromises the integrity and security of your site, possibly resulting in data manipulation, unauthorized changes, or further exploitation. Since the plugin is abandoned and no official fix exists, the risk remains unless mitigated by virtual patching or removing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection would typically involve checking if the vulnerable plugin "Change Cart button Colors WooCommerce" version 1.0 or earlier is installed and active on your WordPress site. Since the vulnerability is a CSRF allowing stored XSS, monitoring for unusual or unauthorized changes in the cart button colors or unexpected script injections might help, but no explicit commands or network detection methods are given. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable "Change Cart button Colors WooCommerce" plugin with a maintained alternative. Since no official fix or updated version is available and deactivating the plugin does not fully eliminate the risk, applying a virtual patch (vPatch) from Patchstack is recommended to mitigate the vulnerability until a permanent solution is found. [1]