CVE-2025-53266
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53266 is a Broken Access Control vulnerability in the WordPress Cron Logger plugin up to version 1.3.0. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, allowing users with low privileges (Subscriber-level) to perform actions meant for higher-privileged users. This means that access control is incorrectly configured, enabling unauthorized actions within the plugin. [1]
How can this vulnerability impact me? :
This vulnerability can allow unprivileged users to perform actions that should be restricted to higher-privileged users, potentially leading to unauthorized changes or disruptions in the WordPress environment. Although the severity is considered low (CVSS 4.3) and exploitation is unlikely, if exploited, it could cause availability issues or unauthorized operations within the plugin. Users are advised to use virtual patching and consider malware scanning or professional incident response if compromise is suspected. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress Cron Logger plugin version is 1.3.0 or below and monitoring for unauthorized actions performed by users with Subscriber-level privileges. Since plugin-based malware scanners can be unreliable, server-side malware scanning or professional incident response is recommended if compromise is suspected. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) as recommended by Patchstack, which auto-mitigates vulnerabilities even without an official patch. Additionally, monitoring and restricting user privileges, performing server-side malware scanning, and engaging professional incident response if compromise is suspected are advised. No official fix or patched version is currently available. [1]