CVE-2025-53331
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress RSS Digest plugin (versions up to 1.5). It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent. This can lead to stored Cross-Site Scripting (XSS) attacks, potentially compromising the site's integrity. Exploitation does not require the attacker to be authenticated. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your site through authenticated users, potentially leading to stored XSS attacks. This can compromise site integrity, leak sensitive information, or allow further exploitation. Although the severity is considered low and widespread exploitation is unlikely, it still poses a risk to site security and user trust. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch or fixed version is currently available, immediate mitigation can be achieved by applying Patchstack's virtual patching (vPatching), which auto-mitigates the vulnerability without performance loss. Additionally, users should monitor for updates and consider professional incident response if compromise is suspected. [1]