CVE-2025-57960
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | wordpress_travel_map_plugin | 1.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress Travel Map Plugin versions up to 1.0.3. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent. The attacker does not need to be authenticated themselves to exploit this vulnerability, which can compromise the integrity of the site. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to execute unauthorized actions on your site through authenticated users, potentially compromising site integrity. Although the severity is considered low, it can lead to broken access control issues. There is currently no official patch available, so the risk remains unless mitigated by virtual patching or other protective measures. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the Travel Map WordPress plugin version 1.0.3 or earlier is installed and active. Since this is a CSRF vulnerability, network detection is challenging without specific exploit signatures. Plugin-based malware scanners may be unreliable. It is recommended to check the plugin version via WordPress admin or by running commands such as 'wp plugin list' if WP-CLI is available. There are no specific commands provided for detecting exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) to neutralize the vulnerability in the absence of an official fix. Users should seek professional incident response or hosting provider assistance if their sites are compromised. Additionally, restricting user privileges and educating users about CSRF risks can help reduce impact. Monitoring and disabling the vulnerable plugin until a patch is available is advisable. [1]