CVE-2025-58859
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | add_to_feedly | 1.2.11 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Add to Feedly Plugin up to version 1.2.11. It allows an attacker to trick authenticated users with higher privileges into performing unwanted actions without their consent. This can lead to stored Cross-Site Scripting (XSS) attacks, compromising site security. The vulnerability is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS score of 7.1, indicating a moderate severity. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute unauthorized actions on your site through authenticated users, potentially leading to site compromise. It can result in stored XSS attacks, which may expose sensitive data, allow privilege escalation, or enable further attacks on users and the site. Since the plugin is abandoned and no official fix is available, the risk remains unless mitigated by removing the plugin or applying virtual patches. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the vulnerable Add to Feedly plugin version 1.2.11 or earlier on your WordPress site. Since the vulnerability is a CSRF allowing stored XSS, monitoring for unusual or unauthorized actions performed by authenticated users may indicate exploitation. Specific commands are not provided in the resources, but checking the installed plugin version can be done via WordPress CLI commands such as 'wp plugin list' to identify the plugin and its version. Additionally, monitoring web server logs for suspicious requests or unexpected user actions may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Add to Feedly plugin with an alternative plugin, as no official fix or updated version is available. Applying a virtual patch (vPatch) provided by Patchstack can offer immediate protection without an official patch. Simply deactivating the plugin is insufficient to eliminate the security risk. Employing professional incident response services is recommended if compromise is suspected. [1]