CVE-2025-52795
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress plugin "WP Front User Submit / Front Editor" up to version 4.9.4. It allows a malicious actor to trick authenticated users with higher privileges into performing unauthorized actions on the site without their consent. This can compromise site security by exploiting broken access control. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized actions being executed on your WordPress site by tricking privileged users, potentially compromising site security. Although the severity is considered low and exploitation is unlikely, it can still result in unauthorized changes or disruptions. There is no official patch yet, but virtual patching is available as a mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands provided for this vulnerability. Users are advised to monitor for updates and consult hosting providers for malware scanning if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability without requiring an official patch. Additionally, users should monitor for updates and consult hosting providers for malware scanning if compromise is suspected. [1]