CVE-2025-58663
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeum | qubely | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58663 is a Broken Access Control vulnerability in the WordPress Qubely Plugin (up to version 1.8.14). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which can allow users with Contributor-level privileges to perform actions meant for higher-privileged roles. This means that the plugin does not properly restrict access to some functions, potentially enabling unauthorized privilege escalation. [1]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with Contributor-level access to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or control within the WordPress site. Although the severity is rated low (CVSS 4.3), it still poses a risk of privilege escalation and unauthorized modifications, which could affect site integrity and security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves checking for unauthorized access attempts or privilege escalations related to the Qubely plugin functions. Since the vulnerability allows Contributor-level users to perform higher-privileged actions due to missing authorization checks, monitoring WordPress logs for unusual activity by Contributor users is recommended. Specific commands are not provided, but reviewing access logs and plugin activity logs for unexpected behavior or privilege misuse can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation includes applying virtual patching (vPatching) provided by Patchstack, which offers automatic protection despite the absence of an official patch. Additionally, restricting Contributor-level user permissions and monitoring for suspicious activity can reduce risk until an official fix is released. [1]