CVE-2025-62886
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-27
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wpdevart | pricing_table_builder | 1.5.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the wpdevart Pricing Table builder plugin for WordPress (version 1.5.1 and earlier). It allows an attacker to perform unauthorized actions on behalf of an authenticated user, which can lead to Stored Cross-Site Scripting (XSS). Stored XSS means malicious scripts can be injected and permanently stored in the application, potentially affecting users who view the compromised content.
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious scripts in the context of the affected website, potentially leading to unauthorized actions, data theft, session hijacking, or defacement. Users and administrators might be exposed to attacks that compromise their accounts or data integrity.