CVE-2025-69183
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-27
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | hospital_doctor_directory | From 1.0.0 (inc) to 1.3.9 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-69183 is a high-priority privilege escalation vulnerability in the WordPress Hospital Doctor Directory Plugin (versions up to 1.3.9). It allows a user with low-level privileges, such as a Subscriber or Developer, to escalate their access rights to higher privileges, potentially gaining full control over the affected WordPress website. This vulnerability is classified under OWASP Top 10 A4: Insecure Design and has a CVSS severity score of 8.8. [1]
How can this vulnerability impact me?
This vulnerability can allow an attacker with low-level access to escalate their privileges and gain full control over the affected WordPress website. This could lead to unauthorized access, modification, or deletion of data, disruption of website services, and potential compromise of sensitive information hosted on the site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability affects WordPress sites using the Hospital Doctor Directory plugin version 1.3.9 or earlier. Detection involves verifying the plugin version installed on your WordPress site. Since no specific detection commands are provided, you can check the plugin version via the WordPress admin dashboard or by running commands such as `wp plugin list` using WP-CLI to identify the plugin version. Monitoring for exploitation attempts can be enhanced by applying the Patchstack mitigation rule mentioned. [1]
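As an added example (not part of the BaseFortify record or Patchstack's tooling), the check below parses `wp plugin list --format=json` output and flags an install whose version falls in the affected range 1.0.0 to 1.3.9 (inclusive). The plugin slug `hospital-doctor-directory` is an assumption, since the record only gives the product name `hospital_doctor_directory`; the sample JSON is constructed.

```python
import json

# Affected range taken from the advisory table: 1.0.0 (inc) to 1.3.9 (inc).
AFFECTED_MIN = (1, 0, 0)
AFFECTED_MAX = (1, 3, 9)
# Assumption: the WP-CLI slug of the plugin. The record names the product
# "hospital_doctor_directory" but does not state the slug; adjust if needed.
PLUGIN_SLUG = "hospital-doctor-directory"


def parse_version(text):
    """Turn a dotted version such as '1.3.9' into a comparable tuple.

    Non-numeric suffixes (e.g. '1.3.9-beta') are stripped and short
    versions are zero-padded so '1.3' compares as (1, 3, 0)."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version):
    """True when the version lies inside the advisory's inclusive range."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def check_wp_plugins(plugin_json):
    """Given `wp plugin list --format=json` output, return one finding per
    matching plugin entry with its version, activation status and verdict."""
    findings = []
    for plugin in json.loads(plugin_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        findings.append({
            "name": plugin["name"],
            "version": plugin["version"],
            "status": plugin.get("status"),      # active/inactive per WP-CLI
            "affected": is_affected(plugin["version"]),
        })
    return findings


# Constructed sample resembling `wp plugin list --format=json` output.
SAMPLE = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": "hospital-doctor-directory", "status": "active",
     "update": "none", "version": "1.3.9"},
])

if __name__ == "__main__":
    for finding in check_wp_plugins(SAMPLE):
        print(finding)
```

Run it against live output with `wp plugin list --format=json | python3 check.py` after replacing `SAMPLE` with `sys.stdin.read()`; an empty result means the plugin is not installed under the assumed slug, not that the site is clean.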
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation involves applying the Patchstack mitigation rule provided by Patchstack to block exploitation attempts until an official patch is released. Since no official fix or patched version is currently available, implementing this mitigation is the recommended step to protect affected sites. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this privilege escalation vulnerability in the Hospital Doctor Directory plugin affects compliance with common standards and regulations such as GDPR or HIPAA.