CVE-2025-48320
BaseFortify
Publication date: 2025-08-28
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| baidu | baidu_share_button | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48320 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin 百度分享按钮 (Baidu Share Button) versions up to 1.0.6. This vulnerability allows an attacker to trick authenticated users, potentially with higher privileges, into executing unintended actions without their consent. It can lead to Stored Cross-Site Scripting (XSS) attacks, enabling malicious code to be stored and executed in the context of the affected site. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to perform unauthorized actions on your website through authenticated users without their knowledge. This can lead to stored XSS attacks, which may compromise user data, site integrity, and potentially allow attackers to escalate privileges or manipulate site content. Since the plugin is abandoned and has no official fix, the risk remains unless you replace the plugin or apply a virtual patch. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection would typically involve checking if the 百度分享按钮 (Baidu Share Button) WordPress plugin version is 1.0.6 or earlier installed on your system, as these versions are vulnerable. Since the vulnerability involves CSRF leading to stored XSS, monitoring for unusual or unauthorized actions by authenticated users might help, but no direct detection commands are given. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable 百度分享按钮 plugin with an alternative solution, as the plugin is abandoned and has no official patch. Simply deactivating the plugin does not fully eliminate the risk unless a virtual patch (vPatch) is applied. Patchstack's virtual patching technology can provide immediate protection in the absence of an official fix. [1]