Platform
wordpress
Component
mow
Fixed in
4.10.1
CVE-2025-58997 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the Frenify Mow WordPress theme. This vulnerability allows attackers to inject code, potentially leading to unauthorized actions and compromising the website. The vulnerability affects versions of Mow from 0.0.0 through 4.10, and a patch is available in version 4.10.1.
A successful CSRF attack leverages a user's authenticated session to execute malicious actions on their behalf without their knowledge. In the context of the Frenify Mow theme, this could allow an attacker to inject arbitrary code, potentially modifying theme settings, installing malicious plugins, or even gaining full control of the WordPress site. The impact is particularly severe due to the potential for code injection, which could lead to data breaches, defacement, or complete system compromise. The ability to inject code significantly expands the attack surface beyond simple parameter manipulation.
CVE-2025-58997 was publicly disclosed on 2025-09-09. There is currently no indication of active exploitation campaigns targeting this vulnerability. The CVSS score of 9.6 (CRITICAL) reflects the high potential impact of code injection. No KEV listing exists at the time of writing. Public proof-of-concept exploits are not yet available, but the CSRF nature of the vulnerability makes it likely that such exploits will emerge.
Exploit Status
EPSS: 0.02% (5th percentile)
The primary mitigation for CVE-2025-58997 is to upgrade the Frenify Mow theme to version 4.10.1 or later without delay. If upgrading is not immediately feasible, consider deploying a Content Security Policy (CSP) to restrict the sources from which the browser will load scripts and other resources, which limits what any injected code can do. Additionally, apply strict input validation and output encoding to prevent code injection. Web Application Firewall (WAF) rules can be configured to detect and block suspicious CSRF requests, but this is a secondary defense and should not replace upgrading the theme. Verify the upgrade by attempting to trigger a CSRF attack after the update and confirming that the request is blocked or fails.
Update the Mow theme to the latest available version to mitigate the Cross-Site Request Forgery (CSRF) vulnerability. Check the theme page on wordpress.org for the most recent update. Implement additional security measures, such as CSRF token validation, to further protect your website.
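As an added illustration of the CSRF token validation mentioned above (this is not code from the Mow theme; the handler, hook, option and text-domain names are assumptions), a WordPress theme settings handler is shown in the CSRF-prone form beside its hardened form:

```php
<?php
// Added example, not code from the Mow theme. Hypothetical theme settings
// handler hooked to admin-post.php; all mow_demo_* names are assumptions.

// --- CSRF-prone pattern: any request carrying a logged-in admin's cookies is
// --- honoured, so a form on an attacker-controlled site, submitted by the
// --- admin's browser, silently changes the option.
function mow_demo_save_settings_vulnerable() {
    $footer = isset($_POST['footer_text']) ? wp_unslash($_POST['footer_text']) : '';
    update_option('mow_demo_footer_text', $footer); // no origin or capability check
    wp_safe_redirect(admin_url('themes.php?page=mow-demo&saved=1'));
    exit;
}
add_action('admin_post_mow_demo_save_vulnerable', 'mow_demo_save_settings_vulnerable');

// --- Hardened pattern: capability check, then a nonce bound to this action,
// --- then sanitisation of what is stored.
function mow_demo_save_settings_hardened() {
    // 1. Only users allowed to change theme options may reach this code.
    if (!current_user_can('edit_theme_options')) {
        wp_die(esc_html__('Insufficient permissions.', 'mow-demo'), '', array('response' => 403));
    }
    // 2. check_admin_referer() validates the per-user, per-action nonce in the
    //    _wpnonce field and dies on failure. A cross-site form cannot know this
    //    value, so a forged request is rejected before the option is touched.
    check_admin_referer('mow_demo_save_settings', '_wpnonce');

    // 3. Never store raw input; reduce it to what the option actually needs.
    $footer = isset($_POST['footer_text']) ? wp_unslash($_POST['footer_text']) : '';
    update_option('mow_demo_footer_text', sanitize_text_field($footer));

    wp_safe_redirect(admin_url('themes.php?page=mow-demo&saved=1'));
    exit;
}
add_action('admin_post_mow_demo_save_hardened', 'mow_demo_save_settings_hardened');

// --- The settings form must emit the matching nonce field for the handler.
function mow_demo_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="mow_demo_save_hardened">
        <?php wp_nonce_field('mow_demo_save_settings', '_wpnonce'); ?>
        <input type="text" name="footer_text"
               value="<?php echo esc_attr(get_option('mow_demo_footer_text', '')); ?>">
        <?php submit_button(__('Save', 'mow-demo')); ?>
    </form>
    <?php
}
```

The nonce is generated per user and per action by WordPress core, so a request lacking it, or carrying one minted for a different user or action, fails the check even when the victim's session cookies are present.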
CVE-2025-58997 is a critical Cross-Site Request Forgery (CSRF) vulnerability in the Frenify Mow WordPress theme, allowing attackers to inject code via crafted requests.
You are affected if you are using Frenify Mow theme versions 0.0.0 through 4.10. Check the installed themes list in your WordPress dashboard to confirm your version.
Upgrade the Frenify Mow theme to version 4.10.1 or later. Implement a Content Security Policy (CSP) as an additional layer of defense.
There is currently no indication of active exploitation campaigns, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the Frenify Mow theme's official website or the WordPress theme repository for the latest advisory and update information.