CVE-2025-53587: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in ApusTheme Findgo theme affecting versions through 1.3.57. The vulnerability was reported on July 29, 2025, and publicly disclosed on August 14, 2025. This security issue allows attackers to perform Cross Site Request Forgery attacks against the WordPress theme (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The attack vector is Network-based, requires Low attack complexity, needs No privileges, but does require User interaction. The scope is Unchanged, with High impact on Confidentiality, Integrity, and Availability. The vulnerability is tracked as CWE-352 (Cross-Site Request Forgery) (NVD, Patchstack).

This vulnerability could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. The severity impact is considered high with potential implications for system confidentiality, integrity, and availability (Patchstack).

The vulnerability has been fixed in version 1.3.58 of the Findgo theme. Users are advised to update to version 1.3.58 or later to remove the vulnerability. The security issue is considered to have a low severity impact and is unlikely to be exploited (Patchstack).