CVE-2025-11976
BaseFortify
Publication date: 2025-10-25
Last updated on: 2025-10-27
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fusewp | fusewp | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the FuseWP WordPress plugin (versions up to 1.1.23.0). It occurs because the plugin's save_changes function lacks proper nonce validation, allowing an attacker to trick an authenticated site administrator into performing unauthorized actions such as adding or editing synchronization rules via a forged request. [1]
How can this vulnerability impact me? :
An attacker can exploit this vulnerability to modify synchronization rules in the FuseWP plugin without proper authorization by tricking an administrator into clicking a malicious link. This could lead to unauthorized changes in how user data is synced with email marketing services, potentially compromising data integrity or causing unintended data sharing. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the FuseWP plugin version is up to and including 1.1.23.0 and by monitoring for unauthorized POST requests containing the parameter 'fusewp_save_sync_rule' without proper nonce verification. Since the vulnerability involves missing nonce validation on the save_changes function, you can inspect HTTP POST requests to the WordPress admin area for suspicious activity related to this parameter. There are no specific commands provided in the resources to detect this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the FuseWP plugin to a version that includes the security fixes, which add capability checks and nonce verification to prevent unauthorized access and CSRF attacks. Specifically, ensure that the plugin version is later than 1.1.23.0 where the changeset 3383939 has been applied. Additionally, restrict administrative access to trusted users only and monitor for suspicious POST requests attempting to save synchronization rules. [1]