CVE-2025-49302
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49302 is a critical remote code execution (RCE) vulnerability in the WordPress Easy Stripe plugin, affecting all versions up to and including 1.1. The root cause is improper control of code generation (code injection, CWE-94): externally supplied input reaches code that the plugin executes without being neutralized. An unauthenticated attacker can exploit it remotely to run arbitrary code on the affected site, which is enough to plant a backdoor and take full control of the installation. Patchstack classifies it under OWASP Top 10 category A3: Injection and assigns it the maximum CVSS score of 10.0. [1]
How can this vulnerability impact me?
Because no authentication is required, an attacker who can reach the site over the network can execute arbitrary code and take full control of it. That can lead to unauthorized access, data theft, site defacement, malware installation, and use of the compromised site as a platform for further attacks. Exploitation of an unauthenticated RCE in a WordPress plugin can be automated and carried out opportunistically at scale, so any site running a vulnerable version of Easy Stripe should be treated as at high risk of compromise. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Checking whether a site is exposed is straightforward: look up the installed Easy Stripe version in the WordPress plugin list (or in the plugin's header file) and treat any version at or below 1.1 as vulnerable. Detecting whether an exposed site has already been compromised is harder, because unauthenticated RCE lets an attacker write arbitrary files and database entries, including ones that hide from a scanner running inside the same WordPress instance; Patchstack notes that plugin-based malware scanners may be unreliable in that situation and recommends professional incident response if a compromise is suspected. The cited resources do not provide specific detection commands. [1]
What immediate steps should I take to mitigate this vulnerability?
Update the Easy Stripe plugin to version 1.2 or later, which contains the fix. If an immediate update is not possible, Patchstack's virtual patch (vPatch) can block exploit attempts at the request level until the plugin is updated. Enabling auto-updates for the plugin is also recommended so that future fixes are applied without manual intervention. [1]
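The version check referred to in the detection and mitigation answers above, as an added example written for this page (it is not Patchstack's code or the plugin's own). It reads the plugin header from each plugin directory under wp-content/plugins, matches on the Plugin Name "Easy Stripe" rather than on a directory name (so renamed copies are still found), and flags any version below the fixed release 1.2. The sample headers embedded at the bottom are constructed for the example. Note that this only tells you whether a site is exposed, not whether it has already been exploited.

```python
"""Version check for CVE-2025-49302 (WordPress Easy Stripe <= 1.1, fixed in 1.2).

Added example written for this page, not Patchstack's or the plugin author's code.
It only reads plugin headers on disk, so it reports exposure, not compromise.
"""
import re
from pathlib import Path
from typing import Dict, List, Optional

AFFECTED_PLUGIN = "Easy Stripe"   # Plugin Name as reported in the advisory
FIXED_VERSION = "1.2"             # first release containing the fix

# WordPress reads plugin metadata from a comment header at the top of the main
# plugin file; each field looks like " * Version: 1.1". Same shape as WP's matcher.
_FIELD_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$",
                       re.MULTILINE | re.IGNORECASE)


def parse_header(text: str) -> Dict[str, str]:
    """Return {'Plugin Name': ..., 'Version': ...} from the first 8 KiB, as WP does."""
    fields: Dict[str, str] = {}
    for key, value in _FIELD_RE.findall(text[:8192]):
        value = value.strip().removesuffix("*/").strip()   # tolerate 'Version: 1.0 */'
        fields.setdefault(key.title(), value)              # first occurrence wins
    return fields


def version_key(v: str):
    """Numeric tuple for comparison: '1.1' == '1.1.0' < '1.2' < '1.10'.
    Non-numeric suffixes such as '-beta' are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", v)] or [0]
    return tuple(nums + [0] * (3 - len(nums)))


def is_vulnerable(version: str) -> bool:
    """True for every version below the fixed release (i.e. <= 1.1)."""
    return version_key(version) < version_key(FIXED_VERSION)


def assess(header_text: str) -> Optional[dict]:
    """Classify one plugin header; None if it is not the affected plugin."""
    h = parse_header(header_text)
    if h.get("Plugin Name", "").lower() != AFFECTED_PLUGIN.lower():
        return None
    version = h.get("Version", "0")   # missing version: treat as oldest possible
    return {"version": version, "vulnerable": is_vulnerable(version)}


def scan_plugins_dir(plugins_dir: str) -> List[dict]:
    """Walk wp-content/plugins and check the top-level .php files of each plugin."""
    findings: List[dict] = []
    root = Path(plugins_dir)
    if not root.is_dir():
        return findings
    for plugin_dir in sorted(root.iterdir()):
        if not plugin_dir.is_dir():
            continue
        for php in sorted(plugin_dir.glob("*.php")):
            result = assess(php.read_text(encoding="utf-8", errors="replace"))
            if result:
                findings.append({"path": str(php), **result})
                break   # one header per plugin is enough
    return findings


# Constructed sample headers for demonstration (not taken from the real plugin).
SAMPLE_VULNERABLE = """<?php
/*
Plugin Name: Easy Stripe
Version: 1.1
*/
"""
SAMPLE_FIXED = """<?php
/**
 * Plugin Name: Easy Stripe
 * Version: 1.2
 */
"""
SAMPLE_OTHER = """<?php
/* Plugin Name: Some Other Plugin
   Version: 1.0 */
"""

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for f in scan_plugins_dir(target):
        state = f"VULNERABLE (update to {FIXED_VERSION})" if f["vulnerable"] else "patched"
        print(f"{f['path']}: {AFFECTED_PLUGIN} {f['version']} -> {state}")
```

Run it from the WordPress root (or pass the plugins directory as the first argument). A site that reports 1.2 or later here is no longer exposed to this CVE, but if it ran a vulnerable version while reachable from the internet, that does not rule out an earlier compromise; the incident response guidance above still applies.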