CVE-2025-58269
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wedevs | wp_project_manager | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58269 is a vulnerability in the WordPress WP Project Manager Plugin (up to version 2.6.25) where hard-coded credentials allow unauthenticated attackers to retrieve embedded sensitive data that should normally be restricted. This means attackers can access sensitive information without needing authorization. [1]
How can this vulnerability impact me? :
This vulnerability can expose sensitive data to unauthorized users, potentially enabling further exploitation of other system weaknesses. Although it is considered low severity with a CVSS score of 5.3, the exposure of sensitive information can lead to privacy breaches or other security issues. There is currently no official patch, but virtual patching is available to mitigate the risk. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch or fixed plugin version is currently available for this vulnerability, it is recommended to use Patchstack's virtual patching (vPatch) solution, which automatically protects against this vulnerability. Additionally, users should monitor for updates from the plugin developers and consider virtual patching to reduce risk. [1]