CVE-2025-53254
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Request Forgery (CSRF) in the WordPress Cyrlitera plugin up to version 1.2.0. It allows an attacker to trick authenticated users with higher privileges into executing unwanted actions on the site without their consent. The attacker does not need to be authenticated to exploit this issue. It falls under the OWASP Top 10 category A1: Broken Access Control and has a low severity rating with a CVSS score of 4.3. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your site through authenticated users, potentially compromising site integrity. Although the impact is considered low and exploitation is unlikely, it could lead to unwanted changes or disruptions if exploited. There is currently no official patch, but virtual patching is available to mitigate the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Users are advised to monitor for unusual actions performed by higher privileged users that could indicate exploitation of the CSRF vulnerability. Since exploitation requires no authentication and involves tricking authenticated users into executing unwanted actions, detection would primarily rely on monitoring user activity and web application logs for suspicious behavior. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which auto-mitigates the vulnerability without requiring an official patch. Users should also monitor for updates from the plugin developers and consider professional incident response if compromise is suspected. Since no official fix is available, virtual patching is the recommended rapid protection method. [1]