CVE-2025-58795
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| payoneer | checkout | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Authorization issue in the Payoneer Checkout WordPress plugin (up to version 3.4.0) that allows unauthenticated attackers to inject malicious content into website pages and posts. It is classified as a content spoofing vulnerability under OWASP Top 10 category A1: Broken Access Control. Exploiting this flaw, attackers can insert phishing pages or misleading content to deceive site visitors. [1]
How can this vulnerability impact me?
The vulnerability can impact you by allowing attackers to inject malicious or misleading content into your website without needing to authenticate. This can lead to phishing attacks or deception of your site visitors, potentially damaging your site's reputation and trustworthiness. Although the severity is considered low and exploitation is unlikely, any site using the affected plugin version is potentially vulnerable. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your WordPress site is running the Payoneer Checkout plugin version 3.4.0 or earlier, as these versions are affected. Since the vulnerability allows unauthenticated content injection, monitoring your website pages and posts for unexpected or malicious content could indicate exploitation. Specific commands are not provided, but you can verify the plugin version via the WordPress admin dashboard or by running commands like `wp plugin list` if WP-CLI is installed. Additionally, monitoring web server logs for unusual POST or GET requests targeting the Payoneer Checkout plugin endpoints may help detect attempts to exploit this vulnerability. [1]
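The version check described above, written out as a small POSIX shell script. This is an added example and not part of the BaseFortify record or the Payoneer plugin; it assumes the plugin slug is `payoneer-checkout` and that its main file is `wp-content/plugins/payoneer-checkout/payoneer-checkout.php` (adjust both if your install differs). It prefers WP-CLI (`wp plugin get <slug> --field=version`) and falls back to parsing the plugin header, then compares the result against the 3.4.0 ceiling stated in the advisory.

```shell
#!/bin/sh
# Added example (not from BaseFortify or Payoneer): decide whether an installed
# Payoneer Checkout plugin falls in the affected range (<= 3.4.0 per the advisory).
# Assumptions: plugin slug "payoneer-checkout" and main file
# wp-content/plugins/payoneer-checkout/payoneer-checkout.php.

AFFECTED_MAX="3.4.0"

# version_le A B: succeed when A <= B (dot-separated numeric comparison via sort -V)
version_le() {
  [ "$1" = "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" ]
}

# is_affected VERSION: succeed when VERSION is at or below the affected maximum
is_affected() {
  version_le "$1" "$AFFECTED_MAX"
}

# plugin_version_from_header FILE: print the "Version:" value from a plugin
# main-file header comment; fail silently if the file cannot be read
plugin_version_from_header() {
  [ -r "$1" ] || return 1
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# installed_version WP_ROOT: prefer WP-CLI, otherwise parse the header file
installed_version() {
  if command -v wp >/dev/null 2>&1; then
    wp plugin get payoneer-checkout --field=version --path="$1" 2>/dev/null
  else
    plugin_version_from_header "$1/wp-content/plugins/payoneer-checkout/payoneer-checkout.php"
  fi
}

# check_site WP_ROOT: print a verdict; return 0 affected, 1 not affected, 2 not found
check_site() {
  ver=$(installed_version "$1") || ver=""
  if [ -z "$ver" ]; then
    echo "payoneer-checkout: not installed or version not readable under $1"
    return 2
  fi
  if is_affected "$ver"; then
    echo "payoneer-checkout $ver: AFFECTED (<= $AFFECTED_MAX); apply mitigation"
    return 0
  fi
  echo "payoneer-checkout $ver: outside the affected range"
  return 1
}

# Usage: sh check-payoneer.sh /var/www/html
if [ $# -gt 0 ]; then
  check_site "$1"
fi
```

The exit code follows the verdict, so the script can be dropped into a fleet-wide inventory job (exit 0 means "affected, act on it"). Note that `sort -V` is a GNU/BusyBox extension rather than strict POSIX.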
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) solutions to block exploitation attempts since no official patch or fixed version is currently available. Monitoring for updates from the plugin developer and Patchstack is advised. Additionally, reviewing and restricting access to the plugin's functionality, implementing web application firewall (WAF) rules to block suspicious requests, and seeking professional incident response if compromise is suspected are recommended. [1]