CVE-2025-52825
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Real Estate Manager plugin (up to version 7.3). It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions without their consent, potentially leading to privilege escalation and compromising site security. The exploit does not require authentication and is classified under OWASP Top 10 category A1: Broken Access Control. [1]
How can this vulnerability impact me? :
The vulnerability can lead to privilege escalation by allowing attackers to execute unauthorized actions on behalf of privileged users. This can compromise the security of your site, potentially leading to data breaches, unauthorized changes, or full site compromise. Since the plugin is abandoned and no official fix is available, the risk remains unless mitigated by virtual patching or replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability cannot rely solely on plugin-based malware scanners as they are not sufficient. Since the vulnerability involves Cross-Site Request Forgery (CSRF) allowing privilege escalation in the Real Estate Manager plugin up to version 7.3, detection would involve monitoring for unusual or unauthorized actions performed by authenticated users, especially those with higher privileges. There are no specific commands provided for detection. Users are advised to seek professional incident response services if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Real Estate Manager plugin with an alternative plugin, as deactivating the plugin alone does not eliminate the risk. Since no official fix or updated version is available and the plugin is abandoned, applying a virtual patch (vPatch) offered by Patchstack is recommended. Users should also consider professional incident response if compromise is suspected. [1]