CVE-2025-48317
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Path traversal in the WooCommerce Payment Gateway for Saferpay WordPress plugin, versions up to and including 0.4.9. An unauthenticated attacker can supply crafted path components so that a file operation resolves outside the directory the plugin intends, exposing files on the server. No official fix is available.
CVSS Scores
Base score: 7.5 (High)
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | woocommerce_payment_gateway_for_saferpay | up to and including 0.4.9 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
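The CWE-35 entry above describes a specific failure: a filter that deletes "../" in one non-recursive pass turns ".../...//" into "../", so the "neutralization" itself produces the traversal. The following Python illustration is added here for this page and is not the plugin's code; the page does not show the plugin's actual file handling, so `naive_strip` is a hypothetical weak filter of the kind CWE-35 names, and `safe_join` is the containment check a practitioner would use instead.

```python
import os
import tempfile
from typing import Optional
from urllib.parse import unquote


def naive_strip(user_path: str) -> str:
    """Hypothetical weak filter (assumption): removes "../" in a single pass.

    This is the neutralization CWE-35 calls insufficient: ".../...//" holds two
    "../" occurrences, and deleting both leaves the characters "../" behind.
    """
    return user_path.replace("../", "")


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Resolve user_path beneath base_dir; return None if it would escape.

    Rather than stripping patterns, resolve the full path and check that the
    result is contained in the real base directory, so encoding and dot
    tricks either land inside base_dir or are rejected.
    """
    base = os.path.realpath(base_dir)
    # Decode once so percent-encoded dots and slashes are seen as path
    # characters, and drop a leading separator so os.path.join cannot
    # discard base_dir when given an absolute path.
    relative = unquote(user_path).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(base, relative))
    # "base + sep" prevents "/srv/uploads2" passing as inside "/srv/uploads".
    if candidate == base or candidate.startswith(base + os.sep):
        return candidate
    return None


def demo() -> dict:
    """Run the comparison in a throwaway directory and return the outcomes."""
    base = tempfile.mkdtemp(prefix="plugin_files_")
    hostile = ".../...//.../...//etc/passwd"
    legit = safe_join(base, "invoices/2025/0001.pdf")
    expected_legit = os.path.join(
        os.path.realpath(base), "invoices", "2025", "0001.pdf"
    )
    return {
        # The weak filter turns the doubled triple-dot form into real traversal.
        "after_naive_strip": naive_strip(hostile),
        # Passing that "neutralized" string on is exactly what escapes base_dir.
        "naive_then_resolve": safe_join(base, naive_strip(hostile)),
        # The containment check rejects plain and encoded traversal outright...
        "plain_traversal": safe_join(base, "../../etc/passwd"),
        "encoded_traversal": safe_join(base, "%2e%2e%2f%2e%2e%2fetc/passwd"),
        # ...and still allows a legitimate relative file under base_dir.
        "legit_file": legit == expected_legit,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that `safe_join(base, ".../...//etc/passwd")` on its own resolves to a harmless path under `base` (three dots are just an unusual file name); the escape only appears once the naive filter has rewritten the input. That is why the fix is containment checking of the resolved path, not a better blocklist.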
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal flaw in the WooCommerce Payment Gateway for Saferpay WordPress plugin, versions up to and including 0.4.9. An unauthenticated attacker can supply path components that the plugin does not neutralize correctly, so a file operation resolves to a location outside the intended directory and exposes files on the server. It maps to OWASP Top 10 A01: Broken Access Control and carries a CVSS base score of 7.5 (High). The plugin appears to be abandoned, and no official fix is available, so every installation running it remains exposed. [1]
How can this vulnerability impact me?
An attacker who can reach the site can read files on the server without any credentials. Depending on what the traversal reaches, that can expose confidential data or server configuration and lead to further compromise of the website or the host. Because the plugin is likely abandoned and no official fix exists, the risk does not diminish over time, and automated scanners tend to pick up unfixed WordPress plugin flaws quickly. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection has two parts. First, find exposure: inventory your WordPress sites for the WooCommerce Payment Gateway for Saferpay plugin at version 0.4.9 or earlier, for example by checking the Version header of the plugin's main PHP file or running `wp plugin list` with WP-CLI. Second, look for exploitation attempts: inspect web server and WAF logs for requests to the plugin's PHP files whose parameters carry traversal sequences, including plain '../', URL-encoded forms such as '%2e%2e%2f', and the '.../...//' form named in CWE-35. A WAF or IDS rule for path traversal payloads covers the common variants, and the Patchstack virtual patch (vPatch) blocks known exploitation attempts while you remediate. [1]
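As an added example for the log review described above (not part of the original page), the script below scans Apache/nginx combined-format access log lines for request targets that, after percent-decoding, contain traversal markers. The sample log lines are constructed for this example, and the plugin path "/wp-content/plugins/some-plugin/view.php" is a placeholder, since the page does not name the vulnerable endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/nginx combined log format (not real
# traffic); "/wp-content/plugins/some-plugin/view.php" is a placeholder path.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Sep/2025:10:01:02 +0000] "GET /shop/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.11 - - [05/Sep/2025:10:01:07 +0000] "GET /wp-content/plugins/some-plugin/view.php?file=../../../../wp-config.php HTTP/1.1" 200 812 "-" "curl/8.4.0"
203.0.113.12 - - [05/Sep/2025:10:01:09 +0000] "GET /wp-content/plugins/some-plugin/view.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.13 - - [05/Sep/2025:10:01:11 +0000] "GET /wp-content/plugins/some-plugin/view.php?file=.../...//.../...//wp-config.php HTTP/1.1" 200 812 "-" "curl/8.4.0"
203.0.113.14 - - [05/Sep/2025:10:01:15 +0000] "GET /product/blue-widget/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# Client IP, request line, status and response size from combined log format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded payloads (%252e) are seen too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_indicators(target: str) -> list:
    """Return the traversal markers found in a request target after decoding."""
    decoded = decode_fully(target)
    found = []
    if "../" in decoded or "..\\" in decoded:
        found.append("dot-dot-slash")
    if ".../...//" in decoded:
        # The CWE-35 form: becomes "../" once a naive filter strips "../".
        found.append("cwe35-doubled-triple-dot")
    if found and decoded != target:
        found.append("url-encoded")
    return found


def scan_log(text: str) -> list:
    """Return one record per request whose target carries traversal indicators."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        indicators = traversal_indicators(m.group("target"))
        if not indicators:
            continue
        status, size = m.group("status"), m.group("size")
        hits.append({
            "ip": m.group("ip"),
            "target": m.group("target"),
            "status": int(status),
            "indicators": indicators,
            # A 200 with a non-empty body means the read most likely succeeded,
            # which is what to triage first.
            "likely_success": status == "200" and size not in ("0", "-"),
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Feed it a real log with `scan_log(open("access.log").read())` and sort the hits by `likely_success`: a traversal request answered with 200 and a body is evidence of a successful read, while a 404 or a WAF block code is an attempt. Matching on decoded targets is what catches the encoded variants that a plain `grep '\.\./'` misses.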
What immediate steps should I take to mitigate this vulnerability?
Apply the Patchstack virtual patch (vPatch) immediately to block exploitation attempts, then remove the vulnerable plugin and replace it with a maintained alternative, since no official fix exists. Deactivating the plugin alone does not remove the risk, because its PHP files stay on the server and may still be reachable by direct request; delete it, or keep the vPatch in place until you can. [1]