CVE-2025-58861
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | quick_event_calendar | 1.4.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the WordPress Quick Event Calendar Plugin up to version 1.4.9. It allows an attacker to trick authenticated users with higher privileges into executing unwanted actions on the site, potentially leading to stored Cross-Site Scripting (XSS). This means malicious scripts can be injected and stored via the plugin, compromising site integrity. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to perform unauthorized actions on your WordPress site when a privileged user is tricked into executing them. This can lead to stored XSS attacks, which may compromise site integrity, leak sensitive information, or allow further exploitation. Although the severity is considered low and exploitation is unlikely, the risk remains significant enough to warrant mitigation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious Cross-Site Request Forgery (CSRF) attempts targeting the Quick Event Calendar plugin up to version 1.4.9. Since no specific detection commands are provided, general approaches include reviewing web server logs for unusual POST requests to the plugin's endpoints and using server-side malware scanning tools to identify potential exploitation. Patchstack recommends professional incident response and server-side malware scanning if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) to block exploitation attempts since no official patch or fixed version is available. Additionally, restricting access to the plugin's administrative functions, implementing strict CSRF protections, and conducting professional incident response and server-side malware scanning if compromise is suspected are recommended. [1]