CVE-2025-52744
Awaiting Analysis Awaiting Analysis - Queue

BaseFortify

Vulnerability report for CVE-2025-52744, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-04-27

Assigner: Patchstack

Description

Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-04-27
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-52744 is a medium priority Arbitrary Code Execution vulnerability in the WordPress plugin "Inpersttion For Theme" versions up to and including 1.0.'}, {'type': 'paragraph', 'content': 'This vulnerability is classified under OWASP Top 10 A3: Injection and allows a malicious actor with at least Contributor or Developer privileges to remotely execute arbitrary code on the affected site.'}, {'type': 'paragraph', 'content': 'No official patch is currently available, but mitigation rules have been released to block attacks targeting this flaw.'}] [1]

Impact Analysis

This vulnerability allows an attacker with Contributor or Developer privileges to remotely execute arbitrary code on your WordPress site.

Such code execution can lead to unauthorized control over the site, potentially resulting in data breaches, site defacement, or further compromise of the hosting environment.

Because the vulnerability has a CVSS score of 7.7, it represents a significant risk and should be mitigated immediately.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'CVE-2025-52744 affects the WordPress plugin "Inpersttion For Theme" versions up to and including 1.0 and allows arbitrary code execution via injection. Detection typically involves checking for the presence and version of this plugin on your WordPress site.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires at least Contributor or Developer privileges to exploit, monitoring for unusual privilege escalations or suspicious activity from such users can help detect exploitation attempts.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the available resources. However, you can check the installed plugin version using WP-CLI with the command:'}, {'type': 'list_item', 'content': 'wp plugin list --status=active'}, {'type': 'paragraph', 'content': 'Look for "Inpersttion For Theme" plugin and verify if its version is 1.0 or lower, which is vulnerable.'}, {'type': 'paragraph', 'content': 'Additionally, monitoring web server logs for suspicious requests targeting this plugin or unusual code execution patterns may help detect exploitation attempts.'}] [1]

Mitigation Strategies

Since no official patch is currently available for CVE-2025-52744, immediate mitigation is critical to protect your site.

  • Implement the mitigation rule released by Patchstack to block attacks targeting this vulnerability.
  • Use Patchstack’s automated vulnerability mitigation solutions to maintain security until an official patch is released and tested.
  • Restrict user privileges to the minimum necessary, especially limiting Contributor or Developer roles, to reduce the risk of exploitation.
  • Monitor your site for suspicious activity and unauthorized code execution attempts.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52744. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart