CVE-2025-58865
BaseFortify
Publication date: 2025-09-05
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | compact_admin_plugin | 1.3.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in the WordPress Compact Admin Plugin versions up to 1.3.0. It allows an attacker to trick authenticated users with higher privileges into executing unwanted actions on the site without their consent, potentially compromising site security. The vulnerability is classified under OWASP Top 10 category A1: Broken Access Control and has a low severity rating with a CVSS score of 4.3. [1]
How can this vulnerability impact me? :
The vulnerability can impact you by allowing attackers to perform unauthorized actions on your site by exploiting authenticated users with higher privileges. This can lead to compromised site security, unauthorized changes, or other malicious activities. Since the plugin is abandoned and no official fix is available, the risk persists unless mitigated by virtual patches or by removing and replacing the plugin. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There are no specific detection commands or network indicators provided for this vulnerability. Detection would generally involve checking if the WordPress Compact Admin Plugin version 1.3.0 or earlier is installed and active on your system, as these versions are vulnerable to CSRF attacks. Since the vulnerability exploits authenticated user actions, monitoring for unusual or unauthorized administrative actions might help, but no explicit commands or signatures are given. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include removing and replacing the vulnerable Compact Admin plugin with an alternative plugin, as no official fix or updated version is available. Applying a virtual patch (vPatch) from Patchstack is recommended to provide immediate protection against attacks exploiting this vulnerability. Simply deactivating the plugin is insufficient to eliminate the risk. [1]