CVE-2025-58848
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wp_likes | 3.1.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress WP Likes Plugin up to version 3.1.1. It allows an attacker to trick authenticated users, especially those with higher privileges, into performing unwanted actions on the site without their consent. This can lead to compromised site integrity. The vulnerability also involves reflected Cross-Site Scripting (XSS). [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute unauthorized actions on your WordPress site by exploiting authenticated users, potentially compromising the site's integrity. Since the plugin is abandoned and unpatched, the risk remains unless mitigated by virtual patches or removing the plugin. This could lead to unauthorized changes, data manipulation, or other malicious activities on your site. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability is challenging because plugin-based malware scanners may be unreliable. There are no specific commands provided to detect the vulnerability on your network or system. It is recommended to monitor for suspicious actions by higher privileged users that could indicate exploitation of the CSRF vulnerability. Seeking professional incident response services is advised if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable WP Likes plugin (versions up to 3.1.1) with an alternative plugin, as there is no official fix or patch available. Deactivating the plugin alone does not eliminate the risk unless a virtual patch (vPatch) is applied. Patchstack offers virtual patching as a mitigation strategy to automatically protect against this vulnerability. Seeking professional incident response services is also recommended if compromise is suspected. [1]