CVE-2025-58011
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | content_mask | 1.8.5.2 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the WordPress Content Mask Plugin up to version 1.8.5.2. It allows an attacker with Contributor-level access to make the affected website send arbitrary HTTP requests to domains controlled by the attacker. This can lead to unauthorized internal network scanning and exposure of sensitive information from other services running on the same system. [1]
How can this vulnerability impact me?
Exploitation of this vulnerability can allow attackers to perform unauthorized internal network scanning and access sensitive information from other services on the same server. This can lead to data exposure and potential further compromise of the system. Since the plugin is abandoned and no official fix is available, the risk remains unless mitigated by virtual patching or replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual HTTP requests originating from the affected WordPress site to attacker-controlled domains or internal services. Since exploitation requires Contributor-level access, reviewing logs for suspicious request patterns or unexpected outbound connections can help. No specific commands are provided in the resources. Professional incident response and server-side malware scanning are recommended over plugin-based scanners, as malware can tamper with those. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Content Mask plugin, as no official patch or updated version is available. Simply deactivating the plugin is insufficient unless a virtual patch (vPatch) is applied. Applying a virtual patch is recommended as an effective interim mitigation strategy to neutralize the vulnerability. Additionally, monitoring and professional incident response are advised if compromise is suspected. [1]