CVE-2025-58616
BaseFortify
Publication date: 2025-09-03
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| frisbii | frisbii_pay | 1.8.2.1 |
| frisbii | frisbii_pay | 1.8.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Broken Access Control issue in the WordPress Frisbii Pay Plugin up to version 1.8.2.1. It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with contributor-level privileges or higher to perform actions that should be restricted to higher-privileged roles. It is classified under OWASP Top 10 category A1: Broken Access Control and has a CVSS score of 6.5, indicating low severity. [1]
How can this vulnerability impact me? :
This vulnerability can allow users with contributor-level privileges to perform unauthorized actions reserved for higher-privileged roles within the Frisbii Pay plugin. Although the risk is considered low and exploitation unlikely, it could lead to unauthorized changes or disruptions in the payment processing functionality. Timely updates to version 1.8.3 or newer are recommended to mitigate this risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying attempts by contributor-level or lower privileged users to perform actions reserved for higher-privileged roles within the Frisbii Pay plugin (versions up to 1.8.2.1). Since the issue is due to missing authorization checks, monitoring logs for unauthorized access attempts or unusual privilege escalations related to the plugin functions is recommended. Specific commands are not provided in the available resources. Using security monitoring tools or plugins that detect broken access control patterns in WordPress environments may help. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Frisbii Pay plugin to version 1.8.3 or later, where the vulnerability has been fixed. As an interim measure, applying Patchstack's virtual patching (vPatching) can automatically mitigate the vulnerability before official patches are applied. Additionally, enforcing strict access controls and monitoring contributor-level user activities can reduce risk. [1]