CVE-2025-58615: 
WordPress vulnerability analysis and mitigation

A Server-Side Request Forgery (SSRF) vulnerability was discovered in the WordPress WP Bannerize Pro plugin, identified as CVE-2025-58615. The vulnerability affects all versions of WP Bannerize Pro up to and including version 1.10.0, with the issue being disclosed on September 3, 2025. The vulnerability was initially reported by security researcher Nabil Irawan on July 12, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 4.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N. The vulnerability is classified under CWE-918 (Server-Side Request Forgery). The issue requires Editor-level privileges or higher to exploit (Patchstack, Rapid7).

The vulnerability could allow authenticated attackers with Editor-level access to make web requests to arbitrary locations originating from the web application. This could potentially be used to query and modify information from internal services, and attackers might be able to find sensitive information of other services running on the system (Rapid7, Patchstack).

The vulnerability has been fixed in version 1.11.0 of the WP Bannerize Pro plugin. Users are advised to update to version 1.11.0 or later to remove the vulnerability. Patchstack users have the option to enable auto-update for vulnerable plugins (Patchstack).