CVE-2025-58813
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| consultstreet | consultstreet_theme | 3.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58813 is a broken access control vulnerability in the WordPress Consultstreet Theme up to version 3.0.0. It occurs due to missing authorization, authentication, or nonce token checks in certain functions, which allows unprivileged users (such as those with subscriber-level access) to perform actions that should be restricted to higher privileged users. This issue falls under the OWASP Top 10 category A1: Broken Access Control. [1]
How can this vulnerability impact me?
This vulnerability can allow users with low-level privileges to perform unauthorized actions that are normally reserved for higher privileged users. While the severity is rated low (CVSS 4.3) and exploitation is considered unlikely, it could lead to unauthorized changes or actions within the affected WordPress site using the Consultstreet theme. There is currently no official patch, so mitigation strategies like virtual patching or professional incident response are recommended if compromise is suspected. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized actions performed by subscriber-level users that should require higher privileges. Since the vulnerability is due to missing authorization checks in the Consultstreet theme, network detection may be limited. Users are advised to perform server-side malware scanning or engage professional incident response services if compromise is suspected. No specific detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) provided by Patchstack, which auto-mitigates the vulnerability without requiring an official patch. Users should also monitor for suspicious activity and consider professional incident response if compromise is suspected. Since no official fix or patched version is available, relying on vPatching and enhanced monitoring is recommended. [1]