CVE-2025-58204
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-27

Last updated on: 2026-04-23

Assigner: Patchstack

Description
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Phishing.This issue affects Podlove Podcast Publisher: from n/a through <= 4.2.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-27
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-08-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58204
EUVD
EUVD-2025-25926
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
podlove podcast_publisher 4.2.6
podlove podcast_publisher 4.2.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Open Redirection issue in the Podlove Podcast Publisher WordPress plugin (up to version 4.2.5). It occurs because the plugin does not properly validate redirect URLs, allowing attackers to redirect users from a trusted site to a malicious one. This can be exploited to facilitate phishing attacks by tricking users into visiting harmful websites. [1]

Impact Analysis

The vulnerability can impact you by enabling attackers to redirect your users from your legitimate site to malicious websites. This can lead to phishing attacks where users may be tricked into providing sensitive information or downloading malware. Although the severity is considered low and exploitation is unlikely, it still poses a risk to user trust and security. [1]

Detection Guidance

Detection of this Open Redirect vulnerability involves monitoring for suspicious redirect URLs originating from the Podlove Podcast Publisher plugin. Since the vulnerability allows redirection to untrusted sites without proper validation, you can inspect web server logs or use network monitoring tools to identify unexpected redirect patterns. Specific commands are not provided in the resources, but general approaches include searching access logs for redirect parameters or URLs that lead to external domains. Additionally, professional incident response or server-side malware scanning is recommended for compromised sites. [1]

Mitigation Strategies

The immediate mitigation step is to update the Podlove Podcast Publisher plugin to version 4.2.6 or later, which contains the fix for this vulnerability. Alternatively, users can apply Patchstack's virtual patching (vPatch) to automatically protect vulnerable installations before official patches are applied. If a site may have been compromised, it is recommended to seek professional incident response or perform server-side malware scanning rather than relying solely on plugin-based malware scanners. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58204. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart