CVE-2025-57991
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| clariti | clariti_plugin | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-57991 is a Broken Access Control vulnerability in the WordPress Clariti Plugin (versions up to 1.2.1). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which can allow users with low privileges (Subscriber-level) to perform actions meant for higher-privileged users. This means that the plugin does not properly restrict access to sensitive functions, potentially enabling unauthorized actions. [1]
How can this vulnerability impact me? :
This vulnerability can allow unprivileged users to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or disruptions within the affected WordPress site. Although the severity is rated as low (CVSS 5.4) and exploitation is considered unlikely, successful exploitation could result in integrity and availability impacts on the site. Automated and opportunistic attacks may target vulnerable sites indiscriminately. In case of compromise, professional incident response or server-side malware scanning is recommended. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress site is running the Clariti plugin version 1.2.1 or earlier, as these versions are affected. Since the vulnerability is due to missing authorization checks allowing lower-privileged users to perform higher-privileged actions, monitoring for unusual privilege escalations or unauthorized actions by Subscriber-level users may help detect exploitation attempts. There are no specific commands provided for detection. It is recommended to perform server-side malware scanning and seek professional incident response if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack to protect against this vulnerability in the absence of an official fix. Additionally, monitoring and restricting Subscriber-level user actions, and preparing for professional incident response and server-side malware scanning in case of compromise are advised. Since no official patch or fixed version is available yet, virtual patching is the recommended rapid protection method without impacting performance. [1]