CVE-2025-57930
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| double_the_donation | double_the_donation | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Double the Donation Plugin up to version 2.0.0. It allows an attacker to trick authenticated users with higher privileges into performing unauthorized actions on the site without their consent. Essentially, the attacker exploits the trust that the site has in the user's browser to execute actions that compromise site security. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized actions being executed by privileged users, potentially compromising the security of your site. Since the plugin is abandoned and no official patch is available, the risk remains unless mitigated by virtual patching or replacing the plugin. Automated attacks may exploit this vulnerability opportunistically, increasing the risk of site compromise. Simply deactivating the plugin does not fully mitigate the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific commands provided to detect this vulnerability on your network or system. Detection typically involves checking if the WordPress Double the Donation Plugin version is up to and including 2.0.0, which is known to be vulnerable. Since automated attacks exploit this vulnerability opportunistically, professional incident response and server-side malware scanning are recommended rather than relying solely on plugin-based scanners. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Double the Donation plugin with an alternative solution, as no official patch is available and the plugin is abandoned. Deactivating the plugin alone does not mitigate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as an immediate protection method that auto-mitigates the vulnerability without requiring official patches. Additionally, sites suspected of compromise should seek professional incident response and perform server-side malware scanning. [1]