CVE-2025-58789
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themeisle | wp_full_stripe_free | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58789 is an SQL Injection vulnerability in the WordPress WP Full Stripe Free Plugin (up to version 8.3.0). It allows a malicious actor with administrator privileges to manipulate the website's database by injecting malicious SQL commands. This can lead to unauthorized data access or manipulation. The vulnerability falls under the OWASP Top 10 category A3: Injection and has a moderate severity CVSS score of 7.6. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with administrator access to steal or manipulate data in the website's database. This could lead to data breaches or unauthorized changes to sensitive information. However, exploitation requires administrator-level access, and the impact is considered moderate. There is currently no official patch, but virtual patching is available as a mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious administrator-level activities interacting with the database, as exploitation requires admin privileges. Since no specific detection commands are provided, general SQL injection detection methods such as monitoring web application logs for unusual SQL queries or using web application firewalls with SQL injection detection rules are recommended. Additionally, monitoring for unexpected database queries or changes initiated by admin users may help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which provides rapid protection without performance loss even in the absence of an official fix. Users should monitor for official updates or patches, restrict administrator access to trusted personnel only, and consider professional incident response if compromise is suspected. [1]