Platform
wordpress
Component
wp_attractivedonationssystem
Fixed in
1.25.1
CVE-2025-58999 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WP Attractive Donations System - Easy Stripe & Paypal donations WordPress plugin. A state-changing request in the plugin's admin interface is accepted without a valid anti-CSRF token (a WordPress nonce), so an attacker who lures a logged-in administrator to a page under the attacker's control can have the administrator's browser submit that request, with the administrator's session cookies attached, and change the plugin's donation configuration without the administrator noticing. Versions 1.0.0 through 1.25 are affected; this page lists 1.25.1 as the release containing the fix.
What an attacker gains is whatever the forged request can change in the plugin's settings. For a donations plugin that plausibly includes donation amounts and currency or the Stripe/PayPal account that receives payments, so a successful attack can divert donations to an attacker-controlled account or break the donation flow. The limits of the attack are those of CSRF in general: the victim must hold the privileges needed for the action and must be logged in when they visit the attacker's page, the attacker cannot read the response, and each forged request does only what that one form submission would do. The plugin does not appear to expose sensitive user data directly; the realistic impact is financial loss for the site owner and loss of donor trust, which is consistent with the medium severity rating below.
CVE-2025-58999 was publicly disclosed on 2025-12-16. There are currently no known public proof-of-concept exploits available. The vulnerability's impact is considered medium, and it is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time, but the public disclosure increases the risk of exploitation.
Any website running WP Attractive Donations System 1.0.0 through 1.25 is affected. The attack does not go through the public donation form; it targets a logged-in administrator's browser, so the exposure is the same regardless of hosting model and regardless of whether the donation form is publicly reachable. Sites where several people hold administrator rights, or where administrators browse other sites while logged into wp-admin, have a correspondingly larger window for the attacker.
Detection (wordpress / composer / npm):
• grep -r 'wp_attractive_donations_system' /var/www/html/wp-content/plugins/
• wp plugin list --status=inactive | grep wp_attractive_donations_system
• wp plugin list --status=active | grep wp_attractive_donations_system
Adjust the search pattern to the plugin's directory name as it is installed on your site, and compare the version column in the `wp plugin list` output against 1.25.1; an inactive copy of an affected version still needs upgrading or removing.
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-58999 is to upgrade the plugin to 1.25.1 or later. The underlying fix is a code change that belongs to the plugin developer: every state-changing admin action must verify a WordPress nonce and check the caller's capability before acting. A site operator cannot add those checks without patching or forking the plugin, so "add CSRF tokens" is not a workaround an operator can apply. If you cannot upgrade immediately, deactivate the plugin until you can, keep the number of administrator accounts small, and review the plugin's settings (payout accounts, amounts) for changes you did not make. A Web Application Firewall can add a layer of defense by rejecting admin POST requests whose Origin or Referer header does not match your site, but such rules are a mitigation, not a fix.
If the plugin cannot be updated in your environment, weigh the remaining risk against your organization's tolerance; uninstalling it and replacing it with a maintained alternative is a reasonable option.
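To make concrete what the missing protection looks like, here is an added example (not code from the WP Attractive Donations System plugin, whose source this page does not show) of a WordPress admin settings handler, first in the CSRF-prone shape and then hardened with a nonce and a capability check. The option name `example_donation_settings`, the action names and the field names are invented for illustration.

```php
<?php
/**
 * Added example, not the plugin's code. Shows a settings handler that is
 * vulnerable to CSRF and the hardened equivalent. All names that start with
 * "example_" are made up for this illustration.
 */

// --- Vulnerable shape: trusts any POST that arrives with an admin's cookies. ---
// A page on another site can submit a hidden form to admin-post.php with
// action=example_save_donation_settings_insecure; the browser attaches the
// logged-in administrator's cookies and the change goes through.
add_action( 'admin_post_example_save_donation_settings_insecure', function () {
    update_option( 'example_donation_settings', array(
        'currency'     => $_POST['currency'],
        'paypal_email' => $_POST['paypal_email'],
    ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-donations&saved=1' ) );
    exit;
} );

// --- Hardened shape: capability check, nonce check, input validation. ---
add_action( 'admin_post_example_save_donation_settings', function () {
    // Reject callers who may not manage this site's settings, even if the
    // request is otherwise well formed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }

    // check_admin_referer() verifies the per-user, time-limited nonce carried
    // in the '_example_nonce' field (and the Referer header). A cross-site
    // page cannot obtain a valid nonce, so a forged request dies here.
    check_admin_referer( 'example_save_donation_settings', '_example_nonce' );

    $currency = isset( $_POST['currency'] )
        ? sanitize_text_field( wp_unslash( $_POST['currency'] ) ) : '';
    $email    = isset( $_POST['paypal_email'] )
        ? sanitize_email( wp_unslash( $_POST['paypal_email'] ) ) : '';

    // Validate against an allow-list; a payout address is exactly the kind of
    // setting a CSRF attack against a donations plugin would try to change.
    if ( ! in_array( $currency, array( 'USD', 'EUR', 'GBP' ), true ) || ! is_email( $email ) ) {
        wp_die( 'Invalid settings.', 400 );
    }

    update_option( 'example_donation_settings', array(
        'currency'     => $currency,
        'paypal_email' => $email,
    ) );
    wp_safe_redirect( admin_url( 'admin.php?page=example-donations&saved=1' ) );
    exit;
} );

// The settings form must emit the matching nonce field; without it the
// hardened handler rejects legitimate submissions as well.
function example_render_donation_settings_form() {
    $opts = get_option( 'example_donation_settings', array(
        'currency'     => 'USD',
        'paypal_email' => '',
    ) );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_save_donation_settings">
        <?php wp_nonce_field( 'example_save_donation_settings', '_example_nonce' ); ?>
        <label>Currency
            <input name="currency" value="<?php echo esc_attr( $opts['currency'] ); ?>">
        </label>
        <label>PayPal e-mail
            <input name="paypal_email" value="<?php echo esc_attr( $opts['paypal_email'] ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

The nonce alone is not enough: `check_admin_referer()` only proves the request originated from a form this site rendered for this user, so the `current_user_can()` check is still needed to stop a low-privileged user who can obtain a nonce from submitting the same form. When auditing a plugin for this class of bug, look for `admin_post_*`, `admin_init` or `wp_ajax_*` handlers that call `update_option()` without a preceding `check_admin_referer()`, `check_ajax_referer()` or `wp_verify_nonce()`.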
CVE-2025-58999 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.0.0 through 1.25 of the WP Attractive Donations System plugin. It allows an attacker to have a logged-in administrator's browser submit forged requests that modify the plugin's settings.
If you are running WP Attractive Donations System 1.0.0 through 1.25, you are affected. Check the installed version and upgrade to 1.25.1 or later, the release this page lists as containing the fix.
The recommended fix is to upgrade to 1.25.1 or later. Until you can, deactivate the plugin or restrict administrator accounts; a WAF rule that rejects cross-origin admin POST requests reduces but does not remove the risk.
Active exploitation is not currently confirmed, but the public disclosure increases the risk. Monitor your systems for suspicious activity.
Refer to the vendor's website or WordPress plugin repository for the official advisory and patch release information.