CVE-2025-53315
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53315 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Relocate Upload plugin (versions up to 0.24.1). It allows an attacker to trick authenticated users with higher privileges into performing unauthorized actions on the site, potentially leading to stored Cross-Site Scripting (XSS) attacks and compromising site security. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute unauthorized actions on your WordPress site by exploiting authenticated users with higher privileges. This can lead to compromised site security, including stored XSS attacks, which may result in data theft, site defacement, or further exploitation. Since the plugin is abandoned and no official fix is available, the risk remains unless mitigated by virtual patches or plugin removal. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability cannot rely solely on plugin-based malware scanners as they are not sufficient. Since the vulnerability involves Cross-Site Request Forgery (CSRF) leading to Stored XSS, detection would involve monitoring for unauthorized or suspicious actions performed by authenticated users, especially those with higher privileges. Specific commands are not provided in the available resources. It is recommended to use professional incident response services for thorough detection and investigation. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Relocate Upload plugin with an alternative plugin, as no official fix or updated version is available. Deactivating the plugin alone does not eliminate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching solutions that provide immediate mitigation without official patches. Seeking professional incident response services is also advised if compromise is suspected. [1]