Platform
wordpress
Component
mow
Fixed in
4.10.1
CVE-2025-58997 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Frenify Mow WordPress theme. This vulnerability allows attackers to inject code, potentially leading to unauthorized actions and compromising the website. The vulnerability affects versions of Mow from 0.0.0 through 4.10, and a patch is available in version 4.10.1.
A successful CSRF attack exploits the trust a website has in a user's browser. In this case, an attacker could craft malicious requests that, when triggered by a logged-in user of the Mow theme, could execute arbitrary code. This could involve modifying theme settings, adding malicious content, or even gaining administrative access if the user has sufficient privileges. The potential blast radius is significant, as a compromised WordPress site can be used to distribute malware, steal sensitive data, or launch attacks against other systems. The code injection aspect elevates the risk, allowing for more sophisticated and damaging attacks beyond simple configuration changes.
CVE-2025-58997 was publicly disclosed on 2025-09-09. The CVSS score of 9.6 (CRITICAL) indicates a high probability of exploitation. While no public proof-of-concept (PoC) code has been released at the time of writing, the combination of a critical CVSS score and the code injection potential suggests active exploitation is possible. It is not currently listed on the CISA KEV catalog.
Websites utilizing the Frenify Mow theme, particularly those with administrative users who frequently interact with the theme's settings, are at significant risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r 'frenify_mow_options' /var/www/html/
• wordpress / composer / npm:
wp theme list | grep mow
• wordpress / composer / npm:
wp theme update mow
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-58997 is to immediately upgrade the Frenify Mow theme to version 4.10.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) with CSRF protection rules. These rules can help block malicious requests by verifying the authenticity of incoming requests. Additionally, ensure that all user input is properly validated and sanitized to prevent code injection. Regularly review WordPress user roles and permissions to minimize the potential impact of a compromised account.
Update the Mow theme to the latest available version to mitigate the Cross-Site Request Forgery (CSRF) vulnerability. Check the theme's page on wordpress.org for the most recent update. Implement additional security measures, such as CSRF token validation, to further protect your website.
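The CSRF token validation recommended above, shown as an added example of a WordPress theme settings handler; this is illustrative code, not the Mow theme's own, and the hook name `mow_save_options`, the option `mow_footer_html` and the field names are assumptions.

```php
<?php
// Added illustration (not code from the Mow theme): a theme settings handler
// registered on admin-post.php. Hook, option and field names are hypothetical.

// BEFORE: the handler trusts any request that arrives with the admin's session
// cookie, so a form submitted from a third-party page is accepted and the
// stored value is later echoed by the theme.
add_action( 'admin_post_mow_save_options_unsafe', function () {
    update_option( 'mow_footer_html', wp_unslash( $_POST['footer_html'] ?? '' ) );
    wp_safe_redirect( admin_url( 'themes.php' ) );
    exit;
} );

// AFTER: a per-user, per-action nonce ties the request to a form WordPress
// rendered for this admin, a capability check bounds who may change theme
// options, and the value is sanitized before it is stored.
add_action( 'admin_post_mow_save_options', function () {
    // Terminates with HTTP 403 unless a valid nonce for this action is present.
    check_admin_referer( 'mow_save_options', 'mow_nonce' );
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        wp_die( 'Insufficient privileges', 403 );
    }
    $raw   = wp_unslash( $_POST['footer_html'] ?? '' );
    $clean = wp_kses_post( $raw ); // keeps post-safe HTML only, strips script
    update_option( 'mow_footer_html', $clean );
    wp_safe_redirect( add_query_arg( 'updated', '1', admin_url( 'themes.php' ) ) );
    exit;
} );

// The settings form that emits the nonce the hardened handler verifies.
function mow_render_options_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="mow_save_options">
        <?php wp_nonce_field( 'mow_save_options', 'mow_nonce' ); ?>
        <textarea name="footer_html"><?php echo esc_textarea( get_option( 'mow_footer_html', '' ) ); ?></textarea>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

A WAF rule can add a second layer by rejecting state-changing requests to admin-post.php whose Origin or Referer header is not the site's own, but the nonce check inside the handler is the control that actually closes the CSRF path.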
CVE-2025-58997 is a critical Cross-Site Request Forgery (CSRF) vulnerability in the Frenify Mow WordPress theme, allowing attackers to inject code via crafted requests.
You are affected if you are using Frenify Mow theme versions 0.0.0 through 4.10. Check your WordPress plugin list to confirm your version.
Upgrade the Frenify Mow theme to version 4.10.1 or later. Implement a Content Security Policy (CSP) as an additional layer of defense.
There is currently no indication of active exploitation campaigns, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the Frenify Mow theme's official website or WordPress plugin repository for the latest advisory and update information.