CVE-2025-54667
BaseFortify
Publication date: 2025-08-14
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wordpress | * |
| patchstack | mycred | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-367 | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Time-of-check Time-of-use (TOCTOU) Race Condition in the myCred plugin by Saad Iqbal. It involves a race condition where the state of a resource changes between the time it is checked and the time it is used, potentially allowing an attacker to exploit this timing window.
How can this vulnerability impact me? :
The vulnerability can lead to integrity issues, as indicated by the CVSS impact score, meaning an attacker could potentially manipulate or alter data or operations within the affected myCred plugin without authorization. However, it does not impact confidentiality or availability.