CVE-2025-58217
BaseFortify
Publication date: 2025-08-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| geronikolov | instant_breaking_news | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress Instant Breaking News Plugin up to version 1.0. It allows a malicious actor to trick authenticated users with higher privileges into executing unwanted actions on the site without their consent, potentially compromising site integrity. It is related to stored Cross-Site Scripting (XSS) and falls under broken access control vulnerabilities. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized actions being performed on your site by attackers exploiting authenticated users, which may compromise the integrity of your site. Although it is considered low severity and unlikely to be widely exploited, it can still allow attackers to perform malicious actions if the site remains unpatched. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the Instant Breaking News WordPress plugin to version 1.0.1 or later, as this version contains the fix. Additionally, you can use Patchstack's virtual patching to auto-mitigate the vulnerability before applying official patches. Timely updates are recommended to prevent opportunistic automated attacks. [1]