CVE-2025-58688
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| casengo | live_chat_support | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Casengo Live Chat Support WordPress plugin (up to version 2.1.4). It allows an attacker to trick authenticated users, especially those with higher privileges, into performing unwanted actions without their consent. This can lead to stored Cross-Site Scripting (XSS), compromising the security of the affected site. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute unauthorized actions on your site by exploiting authenticated users, potentially leading to stored XSS attacks. This can compromise site security, lead to data manipulation, unauthorized access, and other malicious activities. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patching or replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for signs of Cross-Site Request Forgery (CSRF) attacks targeting the Casengo Live Chat Support plugin. Since automated attacks exploit this vulnerability opportunistically, network monitoring for unusual POST requests or unexpected actions performed by authenticated users may help. However, no specific detection commands are provided. It is recommended to perform professional incident response and server-side malware scanning rather than relying on plugin-based scanners, which may be tampered with by malware. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include replacing the vulnerable Casengo Live Chat Support plugin (version 2.1.4 or earlier) with an alternative solution, as no official patch is available and the plugin is abandoned. Deactivating the plugin alone is insufficient unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as an immediate protective measure that auto-mitigates the vulnerability without requiring an official fix. [1]