CVE-2025-58606
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cozythemes | saaslauncher | 1.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58606 is a broken access control vulnerability in the WordPress SaasLauncher Theme up to version 1.3.0. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, allowing users with low privileges (Subscriber-level) to perform actions meant for higher-privileged users. This means that access control is incorrectly configured, enabling unauthorized actions. [1]
How can this vulnerability impact me? :
This vulnerability allows unprivileged users to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or misuse within the affected WordPress theme. Although it has a low severity rating and low exploitation likelihood, if exploited, it could compromise the integrity of the site by allowing privilege escalation or unauthorized modifications. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the SaasLauncher theme to version 1.3.1 or later, which contains the fix for this vulnerability. Additionally, virtual patching (vPatching) can be applied as an immediate protective measure to auto-mitigate the vulnerability before official patches are installed. Users should also consider professional incident response and server-side malware scanning if a compromise is suspected, rather than relying solely on plugin-based scanners. [1]