CVE-2025-53450
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pluginwale | easy_pricing_table_wp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53450 is a Local File Inclusion (LFI) vulnerability in the WordPress Easy Pricing Table WP Plugin (versions up to 1.1.3). It allows an attacker with contributor-level access to include and display local files from the target website. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. The vulnerability is related to improper control of filenames used in include/require statements in PHP. [1]
How can this vulnerability impact me? :
This vulnerability can expose sensitive information from your website, including database credentials. In some cases, it could allow an attacker to take over your database completely. Exploitation requires contributor-level access, and the impact includes confidentiality, integrity, and availability risks to your website and data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to exploit Local File Inclusion (LFI) in the Easy Pricing Table WP plugin. Since the vulnerability requires contributor-level access and involves inclusion of local files via PHP include/require statements, you can look for suspicious HTTP requests targeting the plugin's endpoints with parameters that include file paths. Network intrusion detection systems (NIDS) or web application firewalls (WAF) can be configured to alert on such patterns. Additionally, server-side malware scanning is recommended as plugin-based malware scanners may be unreliable. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which automatically protects sites even without an official fix. Since no official patch or fixed version is currently available, users should consider disabling or removing the Easy Pricing Table WP plugin version 1.1.3 or earlier if possible. Monitoring for signs of compromise and seeking professional incident response or server-side malware scanning is also advised to handle potential exploitation. [1]