CVE-2025-57917
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| printcart | web_to_print_product_designer | 2.4.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the Printcart Web to Print Product Designer for WooCommerce plugin (up to version 2.4.3). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows unauthenticated users to perform actions that should require higher privileges. [1]
How can this vulnerability impact me? :
The vulnerability allows unauthorized users to perform privileged actions within the plugin, potentially leading to unauthorized modifications or misuse of the web-to-print product designer features. However, the risk is considered low with a CVSS score of 4.3, and exploitation is unlikely. There is no official patch yet, but virtual patching is available to mitigate the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking for unauthorized access attempts or actions that require higher privileges within the Printcart Web to Print Product Designer for WooCommerce plugin. Since the vulnerability arises from missing authorization and authentication checks, monitoring web server logs for suspicious requests targeting the plugin's functions is recommended. However, no specific detection commands or tools are provided. Plugin-based malware scanners may be unreliable for this vulnerability. Seeking professional incident response services is advised if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability without impacting performance. Since no official patch or fixed plugin version is available, users should implement this virtual patching solution. Additionally, monitoring for suspicious activity and consulting professional incident response services if compromise is suspected are recommended. [1]