CVE-2025-57976
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cardcom | payment_gateway | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the CardCom Payment Gateway WordPress plugin (up to version 3.5.0.4). It occurs because certain plugin functions lack proper authorization, authentication, or nonce token checks. This allows unauthenticated users to perform actions that normally require higher privileges, leading to Broken Access Control as classified by OWASP Top 10 category A1. [1]
How can this vulnerability impact me? :
The vulnerability allows unauthenticated users to perform privileged actions within the CardCom Payment Gateway plugin, potentially leading to unauthorized changes or misuse of the payment gateway functionality. However, it has a low severity score (CVSS 5.3) and is considered unlikely to be exploited. Despite this, if exploitation occurs, it could compromise the integrity of payment processing or related operations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized access attempts or actions that require higher privileges within the CardCom Payment Gateway plugin. Since the vulnerability stems from missing authorization checks, you should look for unusual or unauthenticated requests targeting the plugin's functions. However, no specific detection commands are provided. It is recommended to perform server-side malware scanning or engage professional incident response services if compromise is suspected, as plugin-based malware scanners may be unreliable. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which automatically protects against this vulnerability even without an official fix. Additionally, monitor your system for suspicious activity and consider professional incident response if you suspect compromise. Since no official patch is available, avoid relying solely on plugin-based malware scanners. [1]