CVE-2025-53322
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WordPress plugin 'Accept Authorize.NET Payments Using Contact Form 7' (up to version 2.5) allows unauthenticated attackers to access sensitive information that should normally be restricted. It is classified as a Sensitive Data Exposure issue under OWASP Top 10 category A5: Security Misconfiguration. Exploiting this vulnerability does not require any privileges or user interaction. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized disclosure of sensitive data, which may enable further exploitation of the system. Although the severity is considered low (CVSS score 5.3) and exploitation is unlikely, sensitive information exposure can still pose risks such as data leaks or privacy breaches. There is currently no official patch, but virtual patching solutions are available to mitigate the risk. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official fix or updated plugin version is currently available, it is recommended to use virtual patching (vPatching) solutions offered by Patchstack to provide automatic protection against this vulnerability. Additionally, monitor for any updates from the plugin developer and consider restricting access to the affected plugin functionality to reduce exposure. [1]