CVE-2025-58977
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2026-04-23

Assigner: Patchstack

Description
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds ebay-feeds-for-wordpress allows Server Side Request Forgery.This issue affects WP eBay Product Feeds: from n/a through <= 3.4.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2026-04-23
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58977
EUVD
EUVD-2025-27391
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
winwar_medi wp_ebay_product_feeds *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Server-Side Request Forgery (SSRF) in the WordPress WP eBay Product Feeds Plugin up to version 3.4.8. It allows an attacker to manipulate the affected website into making HTTP requests to arbitrary domains controlled by the attacker. This can potentially expose sensitive information from other services running on the same system. [1]

Impact Analysis

The impact of this vulnerability includes the potential exposure of sensitive information from other services running on the same system as the affected plugin. An attacker with contributor-level privileges can exploit this SSRF vulnerability to make unauthorized HTTP requests, which may lead to information disclosure. However, the vulnerability has a low severity rating and is considered low priority. [1]

Detection Guidance

Detection of this SSRF vulnerability involves monitoring for unusual HTTP requests originating from the affected WordPress site to arbitrary or suspicious external domains. Since the vulnerability allows attackers to manipulate the site into making HTTP requests, network traffic analysis tools like tcpdump or Wireshark can be used to capture outgoing requests. For example, using tcpdump to filter HTTP traffic: `tcpdump -i any tcp port 80 or tcp port 443 -w capture.pcap`. Additionally, reviewing web server logs for unexpected outbound requests or unusual URL parameters related to the WP eBay Product Feeds plugin may help. However, no specific detection commands are provided in the resources. For compromised sites, professional incident response or hosting provider malware scanning is recommended over plugin-based scanners. [1]

Mitigation Strategies

Immediate mitigation steps include updating the WP eBay Product Feeds plugin to version 3.4.9 or later, where the SSRF vulnerability has been fixed. If updating immediately is not possible, applying Patchstack's virtual patching (vPatching) can provide automatic protection against this vulnerability as an interim measure. Additionally, monitoring and restricting outbound HTTP requests from the server may help reduce risk. If a compromise is suspected, engage professional incident response or hosting provider malware scanning rather than relying solely on plugin-based malware scanners. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart