CVE-2025-58797
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | ninja_charts | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-497 | The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WordPress Ninja Charts Plugin (up to version 3.3.2) allows unauthenticated attackers to access sensitive system information that should normally be restricted. It is classified as Sensitive Data Exposure with a CVSS score of 5.3, indicating low severity. The issue falls under the OWASP Top 10 category A4: Insecure Design and requires no privileges or user interaction to exploit. [1]
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive information, which could potentially be used to exploit other weaknesses in the system. Although the impact is considered low and the likelihood of exploitation is limited, exposure of sensitive data can still pose security risks. There is currently no official patch, but virtual patching is available as a mitigation. [1]
What immediate steps should I take to mitigate this vulnerability?
Since there is no official fix or patched version available for this vulnerability, it is recommended to apply virtual patching (vPatching) provided by Patchstack to automatically protect your site. Additionally, monitor for updates from the plugin developer or security sources and consider restricting access to the affected plugin until a patch is released. [1]