CVE-2025-53200
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the WordPress ChatBot plugin to version 6.7.5 or later, as this version contains the fix for the Broken Access Control issue. Alternatively, use Patchstack's virtual patching (vPatching) service to auto-mitigate the vulnerability before applying the official update. Since the vulnerability requires only Subscriber-level privileges to exploit, limiting user privileges and monitoring for suspicious activity may also help reduce risk until the update is applied. [1]
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress ChatBot plugin up to version 6.7.3. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows users with low-level privileges (such as Subscribers) to perform actions that should be restricted to higher-privileged roles. [1]
How can this vulnerability impact me? :
The vulnerability could allow low-privileged authenticated users to perform unauthorized actions within the ChatBot plugin, potentially leading to misuse or abuse of features intended only for higher-privileged users. However, the risk is considered low priority and exploitation is unlikely. Updating to version 6.7.5 or later is recommended to mitigate this risk. [1]