CVE-2025-58869
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-05

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in Simasicher SimaCookie simasicher-dsgvo-cookie allows Stored XSS.This issue affects SimaCookie: from n/a through <= 1.3.2.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-05
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-05
EPSS Evaluated
2026-06-14
NVD
CVE-2025-58869
EUVD
EUVD-2025-26908
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
simasicher sima_cookie 1.3.2
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58869 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress SimaCookie Plugin versions up to 1.3.2. It allows an attacker to trick authenticated users, especially those with higher privileges, into executing unwanted actions on the site without their consent. This can lead to stored Cross-Site Scripting (XSS) attacks and compromise site security. The vulnerability is related to broken access control and has a CVSS score of 6.5, indicating low severity. The plugin is abandoned with no official fix available. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to perform unauthorized actions on your website through authenticated users, potentially leading to stored XSS attacks. This can compromise the security and integrity of your site, possibly resulting in data theft, site defacement, or further exploitation. Since the plugin is abandoned and no official fix exists, the risk remains unless you apply virtual patches or replace the plugin. Deactivating the plugin alone does not fully mitigate the threat. [1]

Detection Guidance

Detection of this vulnerability involves identifying the presence of the vulnerable SimaCookie plugin version 1.3.2 or earlier on your WordPress installation. Since the plugin is abandoned and no official fix exists, scanning your WordPress plugins for SimaCookie version 1.3.2 or below is essential. There are no specific commands provided for detection in the resources. However, you can check the plugin version via WordPress admin dashboard or by running commands like 'wp plugin list' if WP-CLI is installed. Additionally, monitoring for unusual authenticated user actions or unexpected requests that could indicate CSRF exploitation is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include removing and replacing the vulnerable SimaCookie plugin with a maintained alternative, as no official patch or update is available. Applying a virtual patch (vPatch) provided by Patchstack can auto-mitigate the vulnerability if removal is not immediately possible. Deactivating the plugin alone does not eliminate the threat. If compromise is suspected, professional incident response should be considered. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58869. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart