CVE-2025-58010
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| straightvisions | sv_proven_expert | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress SV Proven Expert Plugin up to version 2.0.06. It allows an attacker to trick authenticated users with higher privileges into executing unwanted actions on the site without their consent, potentially compromising the site's integrity. The plugin is abandoned and has no official fix, making it vulnerable to exploitation. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to perform unauthorized actions on your website through authenticated users, which may lead to compromised site integrity. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patches or by removing the plugin. This could result in unauthorized changes or disruptions to your site. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying a virtual patch (vPatch) provided by Patchstack to protect against automated attacks, as there is no official fix or patch available. It is strongly recommended to remove and replace the SV Proven Expert plugin due to its abandonment and lack of updates. Additionally, consider seeking professional incident response if you suspect compromise. [1]