CVE-2025-58980
BaseFortify
Publication date: 2025-09-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | export_wp_page_to_static_html_css | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58980 is a Broken Access Control vulnerability in the WordPress plugin "Export WP Page to Static HTML/CSS" versions up to 4.1.0. It allows unauthenticated users to perform actions that should require higher privileges because certain functions lack proper authorization, authentication, or nonce token checks. This means attackers can access functionality that should be restricted without logging in or having permissions. [1]
How can this vulnerability impact me? :
This vulnerability can allow unauthorized users to access and use functions of the plugin that should be protected, potentially leading to unauthorized data exposure or manipulation. Although the severity is considered low (CVSS 5.3) and exploitation is unlikely, it still poses a risk of unauthorized access to site functionality without requiring authentication. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthenticated users to access functions without proper authorization in the Export WP Page to Static HTML/CSS plugin up to version 4.1.0. Detection can involve monitoring for unauthorized access attempts to plugin endpoints or suspicious HTTP requests targeting the plugin's functionality. While specific commands are not provided, you can use web server logs analysis tools or commands such as 'grep' to search for unusual access patterns to the plugin's URLs. Additionally, server-side malware scanning is recommended if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the Export WP Page to Static HTML/CSS plugin to version 4.2.0 or later, where the issue is fixed. Additionally, consider applying virtual patching (vPatching) if available to auto-mitigate the vulnerability before official patches are applied. Implementing server-side malware scanning is also advised if you suspect any compromise. [1]