Platform
wordpress
Component
wp_attractivedonationssystem
Fixed version
1.25.1
CVE-2025-58999 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the WP Attractive Donations System - Easy Stripe & Paypal donations WordPress plugin. This flaw allows an attacker to trick authenticated users into unknowingly executing unwanted actions, potentially leading to unauthorized modifications of donation configurations or user data. The vulnerability impacts versions 1.0.0 through 1.25, and a patch is expected to be released by the vendor.
A successful CSRF attack could allow an attacker to manipulate the plugin's settings without the user's knowledge or consent. This could involve altering donation amounts, redirecting payments, or even modifying user roles within the plugin's administration interface. The impact is amplified if the plugin is integrated with other systems or services, as a compromised donation configuration could have cascading effects. While the plugin itself may not directly expose sensitive user data, successful manipulation could lead to financial losses for the website owner and diminished user trust.
CVE-2025-58999 was publicly disclosed on 2025-12-16. There are currently no known public proof-of-concept exploits available. The vulnerability's impact is considered medium, and it is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time, but the public disclosure increases the risk of exploitation.
Websites utilizing the WP Attractive Donations System plugin, particularly those with publicly accessible donation forms, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially impact others.
• wordpress / composer / npm:
grep -r 'wp_attractive_donations_system' /var/www/html/wp-content/plugins/
• wordpress / composer / npm:
wp plugin list --status=inactive | grep wp_attractive_donations_system
• wordpress / composer / npm:
wp plugin list --status=active | grep wp_attractive_donations_system
Exploitation status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-58999 is to upgrade to a patched version of the WP Attractive Donations System plugin as soon as it becomes available. Until a patch is released, consider implementing a temporary workaround by adding CSRF tokens to all sensitive actions within the plugin's admin interface. Web Application Firewalls (WAFs) configured with CSRF protection rules can also provide an additional layer of defense. Regularly review plugin access logs for suspicious activity and consider limiting access to the plugin's admin interface to authorized personnel only.
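As an added example (not code from the plugin or from this advisory), the CSRF-token mitigation above expressed in WordPress terms: a settings handler with no token check placed beside one that verifies a WordPress nonce with check_admin_referer() and enforces a capability. The hook names, option name and form field are hypothetical.

```php
<?php
// Added example, not the plugin's own code. Hook names ('adsys_*'), the
// option name and the form field are hypothetical placeholders.

// --- Weak: any request that reaches admin-post.php with the right field
// updates the option; nothing proves the logged-in admin intended it.
add_action( 'admin_post_adsys_save_weak', function () {
    update_option( 'adsys_default_amount', $_POST['default_amount'] );
    wp_safe_redirect( admin_url( 'admin.php?page=adsys-settings' ) );
    exit;
} );

// --- Hardened: the form must carry a nonce tied to this action and the
// current user, and the user must hold the capability the action needs.
add_action( 'admin_post_adsys_save', function () {
    // Verifies the 'adsys_save_nonce' field; dies on a missing/invalid nonce.
    check_admin_referer( 'adsys_save_settings', 'adsys_save_nonce' );

    // A nonce proves intent, not authority: still enforce the capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    $amount = isset( $_POST['default_amount'] ) ? (float) wp_unslash( $_POST['default_amount'] ) : 0.0;
    if ( $amount <= 0 ) {
        wp_die( 'Invalid amount.', '', array( 'response' => 400 ) );
    }
    update_option( 'adsys_default_amount', $amount );

    wp_safe_redirect( admin_url( 'admin.php?page=adsys-settings&updated=1' ) );
    exit;
} );

// --- Settings form: emits the nonce field the hardened handler checks.
function adsys_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="adsys_save">
        <?php wp_nonce_field( 'adsys_save_settings', 'adsys_save_nonce' ); ?>
        <label>Default amount
            <input type="number" step="0.01" name="default_amount"
                   value="<?php echo esc_attr( get_option( 'adsys_default_amount', '10' ) ); ?>">
        </label>
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}
```

WordPress nonces are bound to the action name and the logged-in user and expire, so a forged cross-site request cannot supply a valid one; the capability check covers the separate question of whether that user may change the setting at all.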
There is currently no known patch. Review the vulnerability details carefully and take mitigation measures according to your organization's risk tolerance. Ideally, uninstall the affected software and look for an alternative.
CVE-2025-58999 is a Cross-Site Request Forgery (CSRF) vulnerability affecting versions 1.0.0–1.25 of the WP Attractive Donations System plugin, allowing attackers to forge requests and potentially modify settings.
If you are using WP Attractive Donations System version 1.0.0 through 1.25, you are potentially affected by this vulnerability. Check your plugin version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of the WP Attractive Donations System plugin. Until a patch is released, consider implementing CSRF tokens or using a WAF.
Active exploitation is not currently confirmed, but the public disclosure increases the risk. Monitor your systems for suspicious activity.
Refer to the vendor's website or WordPress plugin repository for the official advisory and patch release information.