CVE-2025-58783

Vulnerability

Overview

CVE-2025-58783 is a missing authorization vulnerability in the Gutentor WordPress plugin, affecting versions from n/a through 3.5.5. The issue stems from incorrectly configured access control security levels, which can be exploited to bypass intended permission checks [1].

Exploitation

An attacker can exploit this vulnerability, an attacker does not need any special privileges or authentication. The broken access control allows unprivileged users to execute actions that should be restricted to higher-privileged roles, such as administrators. This type of flaw is commonly used in mass-exploit campaigns targeting thousands of websites regardless of their size or popularity [1].

Impact

Successful exploitation could enable an attacker to perform unauthorized actions within the WordPress site, potentially leading to data exposure, content manipulation, or other security breaches. The CVSS v3 base score is 4.3 (Medium), indicating a moderate severity [1].

Mitigation

The vulnerability has been addressed in Gutentor version 3.5.6. Users are strongly advised to update the plugin immediately. For those unable to update, consulting a hosting provider or web developer is recommended. Patchstack users can enable auto-updates for vulnerable plugins [1].