CVE-2025-58204
BaseFortify
Publication date: 2025-08-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| podlove | podcast_publisher | 4.2.6 |
| podlove | podcast_publisher | 4.2.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-601 | The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Open Redirection issue in the Podlove Podcast Publisher WordPress plugin (up to version 4.2.5). It occurs because the plugin does not properly validate redirect URLs, allowing attackers to redirect users from a trusted site to a malicious one. This can be exploited to facilitate phishing attacks by tricking users into visiting harmful websites. [1]
How can this vulnerability impact me?
The vulnerability can impact you by enabling attackers to redirect your users from your legitimate site to malicious websites. This can lead to phishing attacks where users may be tricked into providing sensitive information or downloading malware. Although the severity is considered low and exploitation is unlikely, it still poses a risk to user trust and security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Open Redirect vulnerability involves monitoring for suspicious redirect URLs originating from the Podlove Podcast Publisher plugin. Since the vulnerability allows redirection to untrusted sites without proper validation, you can inspect web server logs or use network monitoring tools to identify unexpected redirect patterns. Specific commands are not provided in the resources, but general approaches include searching access logs for redirect parameters or URLs that lead to external domains. Additionally, professional incident response or server-side malware scanning is recommended for compromised sites. [1]
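Added example, not code from this page or from the Podlove project: a small Python scanner that applies the log-search approach described above, flagging access-log requests whose redirect-style query parameter resolves to a host other than the site itself. The parameter names, the site host `podcast.example` and the log lines are constructed assumptions, since the page does not name the plugin's redirect parameter.

```python
# Added example (not from the BaseFortify page or the Podlove project): flag
# access-log requests whose redirect-style parameter points at an external host.
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed: common names used for redirect targets; the plugin's actual
# parameter is not named on the page, so extend this set for your site.
REDIRECT_PARAMS = {"redirect", "redirect_to", "url", "return", "next", "goto"}

# Combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3})'
)

def external_redirect_targets(line: str, site_host: str):
    """Return (param, host) pairs whose value resolves to a host other than site_host."""
    m = LOG_RE.match(line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() not in REDIRECT_PARAMS:
            continue
        for value in values:
            dest = urlsplit(unquote(value))  # decode once more for double-encoding
            # Drop any userinfo ("site@evil") and port; "//evil" has netloc but no scheme.
            host = dest.netloc.split("@")[-1].split(":")[0].lower()
            if host and host != site_host.lower():
                hits.append((name, host))
    return hits

def scan(lines, site_host):
    """Return [(line, hits)] for the lines that carry an external redirect target."""
    flagged = []
    for line in lines:
        hits = external_redirect_targets(line, site_host)
        if hits:
            flagged.append((line, hits))
    return flagged

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 - - [27/Aug/2025:10:00:01 +0000] "GET /podcast/?redirect_to=https%3A%2F%2Fattacker.example%2Flogin HTTP/1.1" 302 0',
    '203.0.113.6 - - [27/Aug/2025:10:00:02 +0000] "GET /podcast/?redirect_to=%2Fwp-admin%2F HTTP/1.1" 302 0',
    '203.0.113.7 - - [27/Aug/2025:10:00:03 +0000] "GET /feed/?url=//attacker.example HTTP/1.1" 302 0',
    '203.0.113.8 - - [27/Aug/2025:10:00:04 +0000] "GET /podcast/?next=https://podcast.example/ HTTP/1.1" 200 1234',
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG, "podcast.example"):
        print(hits, line)
```

Relative targets such as `/wp-admin/` are not flagged; protocol-relative (`//host`) and userinfo tricks are treated as external.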
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Podlove Podcast Publisher plugin to version 4.2.6 or later, which contains the fix for this vulnerability. Alternatively, users can apply Patchstack's virtual patching (vPatch) to automatically protect vulnerable installations before official patches are applied. If a site may have been compromised, it is recommended to seek professional incident response or perform server-side malware scanning rather than relying solely on plugin-based malware scanners. [1]