CVE-2025-57939
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | image_hover_effects_elementor_addon | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57939 is a Broken Access Control vulnerability in the WordPress plugin 'Image Hover Effects β Elementor Addon' up to version 1.4.4. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing unprivileged users (such as those with Subscriber-level privileges) to perform actions that should be restricted to higher-privileged users. This means the plugin does not properly enforce access control, enabling unauthorized actions. [1]
How can this vulnerability impact me? :
This vulnerability can allow attackers with low-level access to perform unauthorized actions reserved for higher-privileged users, potentially leading to unauthorized changes or misuse of the plugin's features. Although the CVSS score is moderate (5.3), the risk is increased because the plugin is abandoned and unpatched, making it a target for automated and opportunistic attacks. Users may face security breaches or unauthorized modifications if the vulnerability is exploited. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized actions performed by low-privileged users (Subscriber-level) that should require higher privileges. Since the vulnerability allows broken access control exploitation, network or system detection should focus on identifying unusual or unauthorized access patterns to the Image Hover Effects β Elementor Addon plugin functions. However, no specific commands or detection signatures are provided. Users suspecting compromise are advised to perform professional incident response or server-side malware scanning rather than relying solely on plugin-based malware scanners. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Image Hover Effects β Elementor Addon plugin with an alternative solution, as no official patch or fix is available and the plugin appears abandoned. Deactivating the plugin alone does not fully eliminate the risk unless a virtual patch (vPatch) is applied. Applying a virtual patch from a security provider like Patchstack can provide immediate protection by auto-applying security rules against exploitation. Users should also consider professional incident response if compromise is suspected. [1]