CVE-2025-58977
BaseFortify
Publication date: 2025-09-09
Last updated on: 2026-04-23
Assigner: Patchstack
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| winwar_medi | wp_ebay_product_feeds | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-918 | The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Server-Side Request Forgery (SSRF) in the WordPress WP eBay Product Feeds Plugin up to version 3.4.8. It allows an attacker to manipulate the affected website into making HTTP requests to arbitrary domains controlled by the attacker. This can potentially expose sensitive information from other services running on the same system. [1]
How can this vulnerability impact me?
The impact of this vulnerability includes the potential exposure of sensitive information from other services running on the same system as the affected plugin. An attacker with contributor-level privileges can exploit this SSRF vulnerability to make unauthorized HTTP requests, which may lead to information disclosure. However, the vulnerability has a low severity rating and is considered low priority. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this SSRF vulnerability involves monitoring for unusual HTTP requests originating from the affected WordPress site to arbitrary or suspicious external domains. Since the vulnerability allows attackers to manipulate the site into making HTTP requests, network traffic analysis tools like tcpdump or Wireshark can be used to capture outgoing requests. For example, using tcpdump to filter HTTP traffic: `tcpdump -i any tcp port 80 or tcp port 443 -w capture.pcap`. Additionally, reviewing web server logs for unexpected outbound requests or unusual URL parameters related to the WP eBay Product Feeds plugin may help. However, no specific detection commands are provided in the resources. For compromised sites, professional incident response or hosting provider malware scanning is recommended over plugin-based scanners. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the WP eBay Product Feeds plugin to version 3.4.9 or later, where the SSRF vulnerability has been fixed. If updating immediately is not possible, applying Patchstack's virtual patching (vPatching) can provide automatic protection against this vulnerability as an interim measure. Additionally, monitoring and restricting outbound HTTP requests from the server may help reduce risk. If a compromise is suspected, engage professional incident response or hosting provider malware scanning rather than relying solely on plugin-based malware scanners. [1]