CVE-2025-57990
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| solwininfotech | blog_designer | 3.1 |
| solwininfotech | blog_designer | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress Blog Designer Plugin (up to version 3.1.8). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with low-level privileges (Subscriber-level) to perform actions that should require higher privileges. Essentially, the plugin incorrectly restricts access, enabling unauthorized actions. [1]
How can this vulnerability impact me? :
The vulnerability can allow unprivileged users to perform unauthorized actions within the Blog Designer plugin, potentially leading to limited integrity and availability impacts on the affected system. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patching or replacement. Attackers may exploit this opportunistically, so it could lead to unauthorized changes or disruptions in your WordPress site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized actions performed by users with Subscriber-level privileges that should require higher privileges. Since the plugin lacks proper authorization checks, suspicious activity logs or unexpected changes initiated by low-privilege users may indicate exploitation. It is recommended to perform server-side malware scanning and professional incident response to identify potential compromises. Specific commands are not provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Blog Designer plugin with an alternative solution, as no official patch or fix is available and the plugin is abandoned. Simply deactivating the plugin is insufficient unless a virtual patch (vPatch) is applied. Applying a virtual patch is the fastest way to protect the system automatically. Additionally, professional incident response and server-side malware scanning are recommended if compromise is suspected. [1]