CVE-2025-49351
BaseFortify
Publication date: 2025-12-09
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| valentin_agachi | create_posts_terms | 1.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Create Posts & Terms plugin by Valentin Agachi, which allows an attacker to perform Stored Cross-Site Scripting (XSS). This means that an attacker can trick a user into executing malicious scripts by exploiting the plugin's insufficient protection against unauthorized requests, potentially leading to persistent malicious code being stored and executed in the application.
How can this vulnerability impact me? :
The vulnerability can allow attackers to inject and store malicious scripts within the affected application, which can then be executed in the context of other users. This can lead to unauthorized actions being performed on behalf of users, theft of sensitive information, session hijacking, or other malicious activities that compromise the security and integrity of the application and its users.