CVE-2025-53265
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53265 is a Cross Site Request Forgery (CSRF) vulnerability in the WordPress Virusdie plugin versions up to and including 1.1.3. It allows an attacker to trick higher privileged users into executing unauthorized actions while they are authenticated, potentially compromising site security. The vulnerability requires no authentication to exploit and is related to broken access control. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your site through the Virusdie plugin if a privileged user is tricked into executing them. This can lead to compromised site security, potential data integrity issues, and unauthorized changes. Since the plugin is abandoned and no official fix is available, the risk remains unless mitigated by virtual patching or removing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection would generally involve checking if the Virusdie WordPress plugin version 1.1.3 or earlier is installed and active on your system, as the vulnerability affects these versions. Since the vulnerability allows CSRF attacks without authentication, monitoring for unusual or unauthorized actions by privileged users might help, but no explicit commands or signatures are given. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the Virusdie plugin, as it is abandoned and no official patch is available. Applying a virtual patch (vPatch) from Patchstack can provide immediate protection. Deactivating the plugin alone does not eliminate the risk. Users are also advised to consider alternative software and seek professional incident response if their sites are compromised. [1]