CVE-2025-53203
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WooCommerce PDF Invoice Builder plugin for WordPress, affecting versions up to 1.2.148. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions without their consent, potentially compromising the integrity of the site. The vulnerability falls under the OWASP Top 10 category A1: Broken Access Control and has a low severity score of 4.3. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your site by exploiting authenticated users with higher privileges. This could lead to compromised site integrity, such as unauthorized changes or actions performed without the user's knowledge. However, the risk is considered low severity and unlikely to be widely exploited, but updating the plugin to version 1.2.149 or later is recommended to mitigate this risk. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the WooCommerce PDF Invoice Builder plugin to version 1.2.149 or later, where the issue is fixed. Additionally, you can apply virtual patching (vPatching) offered by Patchstack as an immediate protective measure to auto-mitigate the vulnerability before applying the official patch. [1]