CVE-2025-58007
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-22

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in NerdPress Hubbub Lite social-pug allows Retrieve Embedded Sensitive Data.This issue affects Hubbub Lite: from n/a through <= 1.35.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-22
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-22
EPSS Evaluated
2026-06-14
NVD
CVE-2025-58007
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress social_pug 1.35.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58007 is a Sensitive Data Exposure vulnerability in the WordPress Social Pug Plugin (versions up to 1.35.1). It allows a malicious user with subscriber-level privileges to access sensitive system information that should normally be restricted. This vulnerability falls under the OWASP Top 10 category A1: Broken Access Control, meaning it involves improper restriction of access to sensitive data. Although the severity is considered low (CVSS score 4.3), the exposed data could potentially be used to exploit other weaknesses in the system. [1]

Impact Analysis

This vulnerability can impact you by allowing a low-privileged user (subscriber-level) to retrieve sensitive information that should be protected. While the direct impact is limited (no integrity or availability loss), the exposure of sensitive data could be leveraged by attackers to find further vulnerabilities or escalate attacks. The risk is considered low and exploitation unlikely, but it still poses a security concern. There is currently no official patch, but virtual patching is available to mitigate the risk. [1]

Detection Guidance

Detection of this vulnerability involves monitoring for unauthorized access attempts by users with subscriber-level privileges to sensitive data normally restricted. Since no specific detection commands are provided, general recommendations include server-side malware scanning and monitoring access logs for unusual data retrieval patterns by low-privilege accounts. Using WordPress security plugins to audit user activities and access controls may also help identify exploitation attempts. [1]

Mitigation Strategies

Immediate mitigation steps include applying Patchstack's virtual patching (vPatching) solution, which auto-mitigates the vulnerability even without an official fix. Additionally, users should monitor for updates from the plugin developer, implement server-side malware scanning, restrict subscriber-level access where possible, and consider professional incident response if compromise is suspected. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart