CVE-2025-60156
BaseFortify
Publication date: 2025-09-26
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | ar_for_wordpress | 7.98 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the webandprint AR For WordPress plugin. It allows an attacker to upload a web shell to the web server, potentially enabling remote code execution or unauthorized control over the server.
How can this vulnerability impact me?
The vulnerability can have severe impacts including unauthorized access to the web server, remote code execution, data compromise, and potential full control over the affected server. This can lead to data loss, service disruption, and further exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability can negatively affect compliance with standards like GDPR and HIPAA because it can lead to unauthorized access and potential exposure of sensitive personal or health data, violating data protection and privacy requirements.