CVE-2025-52744
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2026-02-20

Last updated on: 2026-04-27

Assigner: Patchstack

Description
Improper Control of Generation of Code ('Code Injection') vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through <= 1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-52744
EUVD
EUVD-2025-208036
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Since no official patch is currently available for CVE-2025-52744, immediate mitigation is critical to protect your site.

  • Implement the mitigation rule released by Patchstack to block attacks targeting this vulnerability.
  • Use Patchstack’s automated vulnerability mitigation solutions to maintain security until an official patch is released and tested.
  • Restrict user privileges to the minimum necessary, especially limiting Contributor or Developer roles, to reduce the risk of exploitation.
  • Monitor your site for suspicious activity and unauthorized code execution attempts.
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2025-52744 is a medium priority Arbitrary Code Execution vulnerability in the WordPress plugin "Inpersttion For Theme" versions up to and including 1.0.'}, {'type': 'paragraph', 'content': 'This vulnerability is classified under OWASP Top 10 A3: Injection and allows a malicious actor with at least Contributor or Developer privileges to remotely execute arbitrary code on the affected site.'}, {'type': 'paragraph', 'content': 'No official patch is currently available, but mitigation rules have been released to block attacks targeting this flaw.'}] [1]

Impact Analysis

This vulnerability allows an attacker with Contributor or Developer privileges to remotely execute arbitrary code on your WordPress site.

Such code execution can lead to unauthorized control over the site, potentially resulting in data breaches, site defacement, or further compromise of the hosting environment.

Because the vulnerability has a CVSS score of 7.7, it represents a significant risk and should be mitigated immediately.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'CVE-2025-52744 affects the WordPress plugin "Inpersttion For Theme" versions up to and including 1.0 and allows arbitrary code execution via injection. Detection typically involves checking for the presence and version of this plugin on your WordPress site.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires at least Contributor or Developer privileges to exploit, monitoring for unusual privilege escalations or suspicious activity from such users can help detect exploitation attempts.'}, {'type': 'paragraph', 'content': 'No specific detection commands are provided in the available resources. However, you can check the installed plugin version using WP-CLI with the command:'}, {'type': 'list_item', 'content': 'wp plugin list --status=active'}, {'type': 'paragraph', 'content': 'Look for "Inpersttion For Theme" plugin and verify if its version is 1.0 or lower, which is vulnerable.'}, {'type': 'paragraph', 'content': 'Additionally, monitoring web server logs for suspicious requests targeting this plugin or unusual code execution patterns may help detect exploitation attempts.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52744. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart