CVE-2025-58785
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2026-04-28

Assigner: Patchstack

Description
Missing Authorization vulnerability in Jiro Sasamoto Ray Enterprise Translation lingotek-translation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ray Enterprise Translation: from n/a through <= 1.7.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58785
EUVD
EUVD-2025-26992
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress ray_enterprise_translation_plugin 1.7.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58785 is a Broken Access Control vulnerability in the WordPress Ray Enterprise Translation Plugin (up to version 1.7.1). It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows users with low-level privileges (Subscriber-level) to perform actions that should be restricted to higher-privileged users. [1]

Impact Analysis

This vulnerability can allow unprivileged users to perform unauthorized actions, potentially leading to limited integrity and availability impacts within the affected system. Although the risk is considered low and exploitation unlikely, unauthorized actions could disrupt normal operations or modify data improperly. [1]

Detection Guidance

Detection involves monitoring for unauthorized actions performed by users with Subscriber-level privileges that should require higher privileges. Since the vulnerability allows privilege escalation via missing authorization checks in certain plugin functions, you can audit WordPress logs for suspicious activity such as unexpected changes or actions by low-privilege users. Specific commands are not provided in the resources. It is recommended to monitor access logs and WordPress user activity for anomalies. [1]

Mitigation Strategies

Immediate mitigation includes applying virtual patching (vPatching) provided by Patchstack, which offers automatic protection without performance loss despite no official patch being available. Additionally, monitor for updates from the plugin vendor and consider professional incident response if compromise is suspected. Restricting Subscriber-level user capabilities temporarily may also reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58785. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart