CVE-2025-53274
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WP Permalink Translator WordPress plugin (versions up to 1.7.6). It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site, which can lead to Stored Cross-Site Scripting (XSS). This means malicious scripts can be stored and executed in the context of the affected website, potentially compromising site integrity. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your WordPress site if a privileged user is tricked into performing them. This can lead to stored XSS attacks, which may compromise the security and integrity of your site, potentially resulting in data theft, defacement, or further exploitation. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patches or plugin removal. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious CSRF attack patterns targeting the WP Permalink Translator plugin, especially actions performed by higher privileged users without their intent. Since plugin-based malware scanners may be unreliable, it is recommended to perform server-side malware scanning and seek professional incident response. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the WP Permalink Translator plugin with a secure alternative, as no official patch or fixed version is available and the plugin is abandoned. Applying a virtual patch (vPatch) from Patchstack can provide rapid protection against exploitation. Deactivating the plugin alone does not eliminate the risk. Additionally, users should consider professional incident response and server-side malware scanning if compromise is suspected. [1]