CVE-2025-53261
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WP YouTube Live WordPress plugin (versions up to 1.10.0). It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent. The attacker does not need any privileges to initiate the attack. This can compromise site security by exploiting broken access control. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to unauthorized actions being performed on your WordPress site by tricking privileged users. This can compromise the security and integrity of your site. Since the plugin is abandoned and unpatched, the risk remains unless you replace the plugin or apply a virtual patch. Automated attacks may opportunistically target your site, so professional incident response and server-side malware scanning are recommended if compromised. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unusual or unauthorized actions initiated by unauthenticated users targeting the WP YouTube Live plugin. Since automated attacks commonly exploit this vulnerability opportunistically, network monitoring for suspicious HTTP requests that attempt to perform actions on the plugin without proper authorization can help. However, no specific detection commands are provided. It is recommended to perform professional incident response and server-side malware scanning rather than relying on plugin-based scanners, which may be tampered with by malware. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the WP YouTube Live plugin (version 1.10.0 or earlier) with an alternative solution, as no official patch or fix is available and the plugin is abandoned. Simply deactivating the plugin does not fully mitigate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as an immediate protection method that auto-mitigates the vulnerability without requiring an official patch. [1]