CVE-2025-53452
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | event_rocket | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress Event Rocket Plugin up to version 3.3. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which can allow users with Contributor-level privileges to perform actions that should be restricted to higher-privileged roles. [1]
How can this vulnerability impact me? :
The vulnerability can allow unprivileged users (with Contributor privileges) to perform unauthorized actions reserved for higher-privileged roles. This could lead to unauthorized modifications or actions within the WordPress site, potentially compromising site integrity or security. However, the impact is considered low severity with a CVSS score of 4.3, and exploitation likelihood is low. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized actions performed by users with Contributor privileges that should require higher privileges. Since the vulnerability is due to missing authorization checks in certain plugin functions, you can look for unusual access patterns or privilege escalations in your WordPress logs. Additionally, using server-side malware scanning and professional incident response services is recommended, as plugin-based malware scanners may be unreliable. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which offers automatic protection against exploitation even without an official fix. Users should also consider restricting Contributor-level user capabilities temporarily, monitor for suspicious activity, and seek professional incident response or server-side malware scanning if compromise is suspected. Timely updates and security measures are important to prevent automated attacks targeting this vulnerability. [1]