CVE-2025-47479
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpcompress | wp_compress | up to 6.30.31 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1390 | The product uses an authentication mechanism to restrict access to specific users or identities, but the mechanism does not sufficiently prove that the claimed identity is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47479 is a medium severity broken authentication vulnerability in the WordPress WP Compress plugin up to version 6.30.30. It allows unauthenticated attackers to perform actions normally restricted to higher privileged users, potentially gaining administrative access to the affected website. This vulnerability falls under the OWASP Top 10 category A1: Broken Access Control and is fixed in version 6.30.31. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers without authentication to abuse authentication mechanisms and perform privileged actions, potentially gaining administrative control over your WordPress site using the WP Compress plugin. This could lead to unauthorized changes, data manipulation, or other malicious activities on your website. The impact varies depending on the specific case but is considered moderate risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized access attempts or actions typically restricted to higher privileged users on the WordPress site using the WP Compress plugin up to version 6.30.30. Since the vulnerability allows unauthenticated attackers to perform privileged actions, reviewing web server logs for suspicious requests targeting WP Compress endpoints may help. However, no specific detection commands are provided. It is recommended to perform professional incident response and server-side malware scanning to identify compromise, as plugin-based scanners may be unreliable due to potential tampering. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block attack attempts until a full update can be performed. The most effective action is to update the WP Compress plugin to version 6.30.31 or later, which contains the fix for this vulnerability. Additionally, enabling automatic updates for vulnerable plugins is recommended to ensure timely patching and reduce the risk of exploitation. [1]