CVE-2025-59591
BaseFortify
Publication date: 2025-09-22
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| advancedcoding | wpdiscuz | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59591 is a Broken Access Control vulnerability in the WordPress wpDiscuz Plugin versions up to 7.6.33. It occurs because of missing authorization, authentication, or nonce token checks in certain functions, which allows users with Subscriber-level privileges to perform actions that should be restricted to higher-privileged users. This flaw is classified under the OWASP Top 10 category A1: Broken Access Control and has a low severity score of 4.3. [1]
How can this vulnerability impact me? :
This vulnerability could allow unauthorized users with low-level privileges (Subscribers) to perform actions reserved for higher-privileged users, potentially leading to unauthorized changes or actions within the wpDiscuz plugin. Although the risk is considered low and exploitation is unlikely, if exploited, it could compromise the integrity of the website's comment system or related functionalities. Users are advised to update to version 7.6.34 or later or apply virtual patching to mitigate the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the wpDiscuz plugin version is up to and including 7.6.33, as these versions are affected. Since the issue is due to missing authorization checks allowing Subscriber-level users to perform privileged actions, monitoring for unusual privilege escalations or unauthorized actions by low-privilege users could indicate exploitation. There are no specific commands provided for detection in the resources. It is also recommended to perform professional incident response and server-side malware scanning if compromise is suspected. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the wpDiscuz plugin to version 7.6.34 or later, where the vulnerability is fixed. Alternatively, applying Patchstack's virtual patching (vPatching) can provide automatic protection before official patches are applied. Additionally, enabling auto-update options for the plugin and conducting professional incident response and server-side malware scanning if compromise is suspected are recommended. [1]