CVE-2025-58798
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | bcm_duplicate_menu | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross Site Request Forgery (CSRF) in the WordPress BCM Duplicate Menu Plugin up to version 1.1.2. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions on the site without their consent. This can compromise the site's integrity by exploiting broken access control mechanisms. The vulnerability has a low severity rating with a CVSS score of 4.3 and does not require the attacker to be authenticated to attempt exploitation. [1]
How can this vulnerability impact me? :
The impact of this vulnerability is that an attacker can cause privileged users to unknowingly execute actions that may compromise the integrity of the website. Although the severity is low and exploitation is considered unlikely to be widespread, it still poses a risk of unauthorized changes or actions being performed on the site. Users are advised to monitor for signs of compromise and consider professional incident response or server-side malware scanning if needed. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious actions performed by authenticated users that could be triggered by CSRF attacks. Since no specific detection commands are provided, it is recommended to perform server-side malware scanning and seek professional incident response if compromise is suspected. Plugin-based malware scanners may be unreliable for this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack to provide automatic protection in the absence of an official fix. Additionally, users should limit exposure by restricting access to the vulnerable plugin, monitoring for suspicious activity, and considering professional incident response if compromise is suspected. [1]