CVE-2025-58203
BaseFortify
Publication date: 2025-08-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| solacewp | solace_extra | 1.3.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the WordPress Solace Extra Plugin versions up to 1.3.2. It allows an attacker with administrator privileges to make the affected website send HTTP requests to arbitrary domains controlled by the attacker. This can potentially expose sensitive information from other services running on the same system. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to access sensitive information from other services on the same system by making the website send unauthorized HTTP requests. However, the impact is considered low severity with a CVSS score of 4.4, and exploitation requires administrator privileges, making it less likely to be exploited. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual HTTP requests initiated by the Solace Extra plugin to arbitrary or unexpected external domains. Since the vulnerability requires administrator privileges to exploit, reviewing logs for HTTP requests made by the plugin or the web server to suspicious domains can help. However, no specific detection commands are provided in the available resources. It is recommended to use professional incident response services or hosting provider assistance for thorough malware scanning rather than relying solely on plugin-based malware scanners. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate recommended mitigation is to update the Solace Extra plugin to version 1.3.3 or later, where the vulnerability is fixed. As an interim measure, Patchstack offers virtual patching (vPatching) which can auto-mitigate the vulnerability even before applying the official patch. Due to the low severity and exploitation likelihood, these steps are considered sufficient to reduce risk. [1]